Most Online Retailer Websites are Vulnerable to User Account Theft

  
03-21-2006, 12:16 PM,
Post: #1
mandy (Administrator)
Quote: Security flaws in the "forgotten password" feature of ecommerce websites leave half the UK's online retailers open to attack, according to security consultancy SecureTest.

It warns that the log-in process of many transactional websites can be subverted by a "brute force" or enumeration attack. In a survey of 107 popular online retail websites in the UK, SecureTest found that 54 of the sites (or 50.5 per cent) are potentially vulnerable to this type of hack attack...

Differences in responses by applications when valid and invalid user account names can give clues to hackers and form the basis of enumeration attacks...

full article: http://www.theregister.co.uk/2006/03/20/...rity_risk/

related topic:
Yahoo! Personals dating site has security problems
http://community.tuliptools.com/index.ph...861.0.html
03-30-2006, 11:23 AM,
Post: #2
mandy (Administrator)
A more in-depth article on the SecureTest findings:

Quote: Most Online Retailer Websites are Vulnerable to User Account Theft through Enumeration Attacks

SecureTest has found over half of the major online retailers in the UK carry a user log-in page vulnerable to attack. The forgotten password feature, typically used as part of the log-in process on most transactional websites, can be subjected to a brute force or Enumeration Attack.

Enumeration describes the process of looking for differences in the response from an application when submitting valid and invalid user account names. On an ecommerce site, the user's account name or registered email address can be inserted correctly and incorrectly on the forgotten password page in order to look for these differences...

full article: http://www.securitypark.co.uk/article.as...leid=25144&CategoryID=1
04-06-2006, 09:37 PM,
Post: #3
valleygirl (Full Member)
Quote: On an ecommerce site

On an ecommerce site you will lose customers forever if you don't have a password look-up page. Damned if you do, damned if you don't. :-\
04-07-2006, 02:49 AM,
Post: #4
maggie777 (Big Member)
The article offers solutions but the software fixes are out of my control. I should forward the article to Monster.
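The response difference described in the quoted articles, next to a forgotten-password handler that keeps the feature without that difference. This is an added example, not code from the thread or from the SecureTest report; the account list, handler names and messages are constructed for illustration.

```python
import secrets

# Constructed sample data: registered accounts of a hypothetical shop.
ACCOUNTS = {"alice@example.com", "bob@example.com"}
OUTBOX = []  # stands in for the outgoing mail queue: (address, reset token)

# One reply for every request, whatever the address turns out to be.
GENERIC = (200, "If that address is registered, a reset link has been sent to it.")


def reset_vulnerable(email):
    """Replies differently for known and unknown addresses (the flaw)."""
    addr = email.strip().lower()
    if addr not in ACCOUNTS:
        return (404, "No account found for that email address.")
    OUTBOX.append((addr, secrets.token_urlsafe(32)))
    return (200, "A reset link has been sent to your email address.")


def reset_hardened(email):
    """Same status and body whether or not the address is registered."""
    addr = email.strip().lower()
    if addr in ACCOUNTS:
        # Only real accounts get mail; the requester cannot observe this branch.
        OUTBOX.append((addr, secrets.token_urlsafe(32)))
    return GENERIC


def leaks_account_existence(handler, known, unknown):
    """Regression check for a site's own handler: True if the reply
    reveals which of the two addresses has an account."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    known, unknown = "alice@example.com", "nobody@example.com"
    for handler in (reset_vulnerable, reset_hardened):
        verdict = leaks_account_existence(handler, known, unknown)
        print(f"{handler.__name__}: leaks account existence = {verdict}")
```

The same comparison can be kept as a regression test for the log-in and registration forms, which can expose the same difference.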