



What are ciphers ?

How the Weak Ciphers Affects Paypal ?

Security researcher Aria Akhavan has found Critical security flaw in Paypal. He reported this to Paypal 2 months ago along with the SSL v2 and v3 vulnerabilities.Paypal had been using weak ciphers on their website over months now. This is common for websites, but for a money transaction website like Paypal, it is a critical flaw.In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information from plain text into cipher or code.Consider you are connected to a open WiFi network, and you're logging into your Paypal account. At the same time a hacker who is connected to the same network can sniff the traffic using various hacking tools.Those weak ciphers will allow hackers to decrpyt HTTPS traffic and then see all the request to Paypal in a plain text.Then he can read passwords and intercept the traffic.The same method works with trojans too. If the victim has a trojan and hackers can sniff traffic with it, hackers can decrypt it and simply see passwords, usernames and other datas. So it is a critical vulnerability.