Whatch out ...."PayPal has plugged a huge hole that exposed every account to hijacking.
The cross-site request forgery (CSRF) flaw reported by Egyptian researcher Yassar H Ali allowed attackers access to any PayPal account of their choosing if they were capable of convincing a target to click a link." [ »
www.theregister.co.uk/20 ··· _bounty/ ]