Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Exploiting Cashier-as-a-Service Providers (

SydShamino writes: Researches at Indiana University and Microsoft found and exploited flaws in the communication between web stores and third-party cashiers (Amazon Payments, PayPal, Google Checkout) to order items for free, or at prices of their choice. "We believe that it is difficult to ensure the security of a CaaS-based checkout system in the presence of a malicious shopper" said the study co-author. The identified flaws have been reported and fixed, but they feel that more, similar flaws are likely given the complicated nature of many web-based transactions.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Exploiting Cashier-as-a-Service Providers

Comments Filter:

e-credibility: the non-guaranteeable likelihood that the electronic data you're seeing is genuine rather than somebody's made-up crap. - Karl Lehenbauer