Exploiting Cashier-as-a-Service Providers

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's now on IFTTT. Check it out! Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Exploiting Cashier-as-a-Service Providers (futurity.org)

Submitted by SydShamino on Wednesday April 06, 2011 @06:28PM

SydShamino writes: Researches at Indiana University and Microsoft found and exploited flaws in the communication between web stores and third-party cashiers (Amazon Payments, PayPal, Google Checkout) to order items for free, or at prices of their choice. "We believe that it is difficult to ensure the security of a CaaS-based checkout system in the presence of a malicious shopper" said the study co-author. The identified flaws have been reported and fixed, but they feel that more, similar flaws are likely given the complicated nature of many web-based transactions.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.