Exploit-wielding boffins go on free online shopping binge

World's biggest e-commerce sites wide open

By Dan Goodin in San Francisco

12th April 2011 20:57 GMT

Computer scientists have documented serious flaws in software running some of the world's biggest e-commerce sites and shown how they can be exploited to receive DVDs, digital journals, and other products for free or at sharply reduced prices not authorized by the sellers.

The findings, laid out in a paper to be presented at next month's IEEE Symposium on Security and Privacy, are an indictment of the software makers, the e-commerce sites, and the third-party cashiers used to process payments. By exploiting the buggy programming interfaces through which the three parties work together, the researchers were able to defraud sites including Buy.com, JR.com, and LinuxJournalStore.com. (They later canceled the transactions or returned the items to stay within legal and ethical constraints.)

The researchers, from Microsoft and Indiana University, said the vulnerabilities stem from the interconnected communication among the end user making a purchase, the online merchants, and the cashier-as-a-service providers such as PayPal, Amazon Payments, and Google Checkout. The “trilateral interaction” is so complex that the two most popular e-commerce programs used to coordinate the communications can easily be fooled into approving the transactions for free, or at a tiny fraction of the price being charged.

Story: http://www.theregister.co.uk/2011/04/12/free_online_shopping_exploits/
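The "trilateral interaction" the article describes, reduced to a constructed simulation so the failure class is concrete. This is an added example written for this page, not code from the paper, from The Register, or from any of the named merchants or cashiers, and it does not reproduce the researchers' specific exploit steps. The party names, the HMAC-signed notification format, the shared secret, the order IDs and the prices are all assumptions. It contrasts a merchant that fulfills an order as soon as it sees a cashier notification with one that checks the notification's signature, payee, order ID, amount and currency against its own record of the order before shipping.

```python
"""Constructed simulation of a shopper / merchant / cashier-as-a-service checkout.

Added example, not code from the paper or the article. Everything here
(party names, message fields, HMAC secret, prices) is invented for the demo.
Amounts are integer cents so equality checks are exact.
"""
import hashlib
import hmac
import json

CASHIER_KEY = b"demo-shared-secret"  # assumed merchant<->cashier API secret
MERCHANT_ID = "merchant-demo"        # assumed payee identifier at the cashier


def sign(fields: dict) -> str:
    """Cashier signs a notification so the merchant can distinguish it from a forgery."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CASHIER_KEY, body, hashlib.sha256).hexdigest()


def cashier_charge(payee: str, order_id: str, amount: int, currency: str) -> dict:
    """Cashier: charges the shopper whatever the redirect asked for and returns a signed receipt.

    The shopper's browser carries these parameters, so the shopper controls them.
    """
    fields = {"payee": payee, "order_id": order_id, "amount": amount, "currency": currency}
    return {**fields, "sig": sign(fields)}


class Merchant:
    def __init__(self):
        self.orders = {}  # order_id -> {"total": cents, "currency": str, "paid": bool}

    def place_order(self, order_id: str, total: int, currency: str = "USD") -> None:
        self.orders[order_id] = {"total": total, "currency": currency, "paid": False}


class NaiveMerchant(Merchant):
    """Ships as soon as a notification with a signature arrives for a known order."""

    def complete(self, order_id: str, note: dict) -> bool:
        order = self.orders.get(order_id)
        if order is None or "sig" not in note:
            return False
        order["paid"] = True
        return True


class CheckedMerchant(Merchant):
    """Binds the receipt to this merchant, this order, and this order's exact total."""

    def complete(self, order_id: str, note: dict) -> bool:
        order = self.orders.get(order_id)
        if order is None or order["paid"]:
            return False  # unknown order, or already fulfilled (replay of a used receipt)
        keys = ("payee", "order_id", "amount", "currency")
        if any(k not in note for k in keys):
            return False
        fields = {k: note[k] for k in keys}
        if not hmac.compare_digest(sign(fields), str(note.get("sig", ""))):
            return False  # forged or tampered notification
        if fields["payee"] != MERCHANT_ID or fields["order_id"] != order_id:
            return False  # money went to someone else, or paid a different order
        if fields["currency"] != order["currency"] or fields["amount"] != order["total"]:
            return False  # short payment or currency swap
        order["paid"] = True
        return True


def run_demo() -> dict:
    """Run the same three shopper behaviours against both merchants and report outcomes."""
    results = {}
    for name, cls in (("naive", NaiveMerchant), ("checked", CheckedMerchant)):
        m = cls()
        m.place_order("A1", 3999)    # $39.99, constructed
        m.place_order("B2", 19900)   # $199.00, constructed
        m.place_order("C3", 1299)    # $12.99, constructed
        # Shopper edits the amount in the redirect to the cashier and pays one cent for A1.
        underpay = cashier_charge(MERCHANT_ID, "A1", 1, "USD")
        results[f"{name}_underpay"] = m.complete("A1", underpay)
        # Shopper pays the full $39.99 for A1, then presents that receipt to complete B2.
        receipt_a1 = cashier_charge(MERCHANT_ID, "A1", 3999, "USD")
        results[f"{name}_cross_order"] = m.complete("B2", receipt_a1)
        # Honest purchase of C3, then a second presentation of the same receipt.
        receipt_c3 = cashier_charge(MERCHANT_ID, "C3", 1299, "USD")
        results[f"{name}_honest"] = m.complete("C3", receipt_c3)
        results[f"{name}_replay"] = m.complete("C3", receipt_c3)
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:22} fulfilled={v}")
```

The naive merchant ships for the one-cent payment and for the receipt that belonged to a different order, because it only asks whether a notification arrived. The checked merchant ships only when the cashier's signed fields match what it itself recorded for that order, and refuses the second presentation of a receipt it has already honoured. The real-world checks are whatever the cashier's API offers for verifying a notification; the point the simulation makes is that every field the shopper's browser can carry must be re-derived or verified on the merchant's side rather than trusted.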
