Man hacked PayPal CertificateMoxie Marlinspike, an interestingly named white-hat hacker, quickly discovered that no good deed goes unpunished after his account was suspended by PayPal for inadvertently assisting the creation of a counterfeit certificate that enables anyone to hack the Internet payment processor. Since 2002, he has added a PayPal donation button on his website's download page for a hacker program named SSLSniff and another one named SSLStrip. To paraphrase PayPal's Acceptable Use Policy(which was sent via email by the company's representatives to Marlinspike after his account was suspended), the PayPal site should not be utilized by anyone to send or receive payments for merchandise that sport the private and personal data of third parties that violates pertinent laws. The correspondence further claims that the account suspension was a security measure they had to implement to protect Marlinspike and his account, and that they apologize for any inconvenience that resulted from their decision. What's more, the shelving of Marlinspike's account has automatically frozen five hundred dollars worth of his online money up until he sends an affidavit bearing his signature that pledges that he has removed all PayPal logos from his website. According to him, he was the one who had warned the site about the SSL exploit in the first place, and they rewarded his attempts at helping them by suspending his account outright. |