Exploiting Cashier-as-a-Service Providers

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Exploiting Cashier-as-a-Service Providers (futurity.org)

Submitted by SydShamino on Wednesday April 06, 2011 @06:28PM

SydShamino writes: Researches at Indiana University and Microsoft found and exploited flaws in the communication between web stores and third-party cashiers (Amazon Payments, PayPal, Google Checkout) to order items for free, or at prices of their choice. "We believe that it is difficult to ensure the security of a CaaS-based checkout system in the presence of a malicious shopper" said the study co-author. The identified flaws have been reported and fixed, but they feel that more, similar flaws are likely given the complicated nature of many web-based transactions.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.