E-BUSINESS | TECHNOLOGY | CRM | LINUX | MAC | NETWORK MAP

Welcome | Sign In

Discussion

E-Commerce Times
- Business
- E-Commerce
- Enterprise IT
- Mobile
- Security
- SMB
- Social Media
  - Social Media Marketing
  - Social Networks
- Trends
LinuxInsider
- Business
- Community
- Developers
- Enterprise
- Mobile
- Reviews
- Software
- Tech Blog
TechNewsWorld
- Computing
- Internet
- IT
- Mobile Tech
- Reviews
- Security
  - Cybersecurity
  - Hacking
  - Malware
  - Privacy
- Technology
  - Emerging Tech
  - Gaming
  - Home Tech
  - How-To
  - Science
    - Health
    - Space
  - Tech Buzz
  - Tech Law
  - Video
- Tech Blog
CRM Buyer
- Business
  - Deals
  - Trends
  - Vendors
- CRM
  - Products
  - Strategy
- Customers
- Enterprise Apps
- Mobile CRM
- Social CRM
  - Practices
  - Tools
MacNewsWorld
- Apple Buzz
  - Company
  - Products
- Business
  - Apple Financial
  - Legal
- Hardware
  - iPad
  - iPhone
  - Macs
- Mobile Apps
  - App Store
  - Developers
- Reviews
- Software
  - Gaming
  - iOS
  - Mac Apps
  - OS X
- Tech Blog
Reader Services

E-Commerce Times Talkback

ECT News Community » E-Commerce Times Talkback » Re: E-Commerce Sites Fail Security 101

Re: E-Commerce Sites Fail Security 101
Posted by: Paul A. Greenberg 2002-01-10 12:48:09

If online merchants expect longevity and prosperity, now is the time to find
vulnerabilities and repair them. After all, if an e-commerce novice gets burned, that
consumer's trust in online transactions will be irretrievably lost.
If there are four words e-commerce can always live
by those words are: Never Get Too Comfortable.

Re: E-Commerce Sites Fail Security 101
Posted by: devitry 2002-01-10 23:55:08 In reply to: Paul A. Greenberg

Hey everyone. I just wanted to clarify one thing about the c2it hole. It's a front end attack where there are three parties involved ( attacker, c2it.com, and a c2it user ). The attacker send a script to the user, which can then accesses their c2it account. The script, which runs on the c2it site, could then have transfered money or accessed that users account information.

The statement "More ambitious hackers could access entire lists of credit card numbers. " it a little overstated. The "entire list" is only the list of credit card numbers that the attacked user has on their account, not all the credit card numbers in the c2it system.

-dave

Most Popular | This Week on ECT News Network

ManageEngine

E-Commerce Times

Dish Eyes LightSquared's Wireless Spectrum

Getting the Best Out of IT Partnerships, IBM-SAP Style

Pinterest Tacks On Brand-Friendly Features

Marketing, Big Data Tech IPOs Get Rousing Market Welcome

Teenager's Power Storage Project Lights Up Science World

Congressional Investigation Scopes Apple's Web of Tax Havens

Food Testing for Safe Tasting

Yahoo's Too Uncool for Some Tumblr Bloggers

The 5-Step Plan for Picking the Right CRM Consultant

When Mobile CRM Goes Too Far, Part 1

InsideView Provides New Insights Into Sales Leads

Bloomberg Caught With Hands in the Customer Data Jar

Neo Technology's Emil Eifrem: 'Cloud Is the New Open Source'

The Windows Kernel's Achilles' Heel

MX Player Pro Lets You Bypass the Fiddling and Enjoy the Movie

Linux: The Gold Standard of Code

Stay and StatsBar Worthy Additions to a Mac's Utility Belt

The Clock Is Ticking on 30/30's Simple, Powerful Task Manager

Apple's Cook Heads to Washington to Talk Taxes

The Hot Mess That Is Apple's E-Book Legal Fight