
Token Fixation in Paypal - johnterry_cfc
http://homakov.blogspot.com/2014/01/token-fixation-in-paypal.html
======
pothibo
I'm annoyed every time homakov posts a vulnerability. He writes in a way that
belittles his target, like everyone is stupid except himself.

Also, I really dislike how he handles his disclosures.

~~~
znowi
His writings do carry a condescending tone, with a faint "l33t hax0r" taste. I
think it might be a case of sudden fame multiplied by teen spirit :)

~~~
eli
I would give people the benefit of the doubt. Especially when they're writing
in a language that isn't their mother tongue.

------
primitivesuave
I hear from a source very high up in PayPal that a large part of their
codebase is evolving at this point and that in the next couple months, we
should be seeing a wide range of developer-friendly changes. I'm not
advocating PayPal nor do I have any financial interest in PayPal, just
pointing out that they acknowledge how far behind they are and desperately
trying to catch up.

~~~
ExpiredLink
> _how far behind they are and desperately trying to catch up_

They are merely the market leader ...

~~~
DiabloD3
When you're the market leader, you have to work twice as hard as the next guy
in line. Paypal has at least 2 companies plus Bitcoin threatening to replace
them at any given moment.

~~~
primitivesuave
PayPal doesn't have to worry about being replaced as much as it has to worry
about being marginalized. If a developer who has never integrated payment into
their app asks me what platform to use, I'm going to answer "Stripe" without
hesitation because they make it very simple for developers to use. PayPal
needs to shift its focus toward making the developer experience better,
because right now their documentation is a steaming pile of shit and their web
interface is unintuitive.