E-commerce software vulnerable to hackers

SP's MAI - INTERNAL SECURITY - CYBER

Online transactions rely on a trusted third party, or “cashier,” who bridges the gap between vendors and their customers. The use of a third-party cashier, however, also complicates the payment logic and introduces a new class of vulnerabilities that can result in significant financial losses to merchants. Computer scientists found flaws in e-commerce software that allowed them to purchase stationery, candy, and toys online for less than their correct cost.

Popular open-source e-commerce software is vulnerable to being cheated, computer security researchers at the University of California, Davis, have found. By exploiting vulnerabilities in the widely used osCommerce software, the researchers were able to purchase items from online stores for free or for substantially less than their correct prices.

“The majority of the payment modules in osCommerce are vulnerable to logic attacks that allow you to pay less or even pay nothing at all,” said Fangqi Sun, a graduate student working with Professor Zhendong Su in the University of California (UC) Davis Department of Computer Science. A UC Davis release reports that the researchers have been attempting to notify osCommerce of the discovered vulnerabilities and to help the developers patch the software. They have also refunded the vendors for items they purchased at below cost during their research.
