diTii.com Digital News Hub



How to Shop for Free Online and Fool Online Merchants into Shipping Goods for Free?

Web applications increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for an app to coordinate its internal states with those of the component services and the web client across the Internet. In this paper, we study the security implications of this problem to merchant websites that accept payments through third-party cashiers (e.g., PayPal, Amazon Payments and Google Checkout), which we refer to as Cashier-as-a-Service or CaaS. We found that leading merchant applications (e.g., NopCommerce and Interspire), popular online stores (e.g., Buy.com and JR.com) and a prestigious CaaS provider (Amazon Payments) all contain serious logic flaws that can be exploited to cause inconsistencies between the states of the CaaS and the merchant. [Microsoft Research]
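The state-consistency problem the abstract describes can be seen from the merchant's side in a short sketch. This is an added example, not code from the paper or from any product named above; the notification fields, the HMAC scheme, and the names `SHARED_KEY`, `MERCHANT_ID`, `ORDERS` and `handle_notification` are assumptions made for illustration. The merchant marks an order paid only when the cashier's signed message agrees with its own stored order on every point.

```python
import hashlib
import hmac
from decimal import Decimal

# Hypothetical values: a real cashier defines its own message format and keys.
SHARED_KEY = b"constructed-demo-key"
MERCHANT_ID = "merchant-42"

# Merchant-side order state (constructed sample data).
ORDERS = {"1001": {"total": "59.99", "currency": "USD", "status": "pending"}}
SEEN_TXNS = set()

FIELDS = ("txn_id", "order_id", "payee", "amount", "currency", "status")


def sign(msg):
    """HMAC over every field in a fixed order, so none can be swapped or dropped."""
    data = "\n".join(f"{k}={msg[k]}" for k in FIELDS).encode()
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()


def handle_notification(msg, signature):
    """Mark an order paid only if the cashier's state matches the merchant's."""
    if any(k not in msg for k in FIELDS):
        return "rejected: missing field"
    if not hmac.compare_digest(sign(msg), signature):
        return "rejected: bad signature"
    if msg["payee"] != MERCHANT_ID:
        return "rejected: paid to another merchant"
    order = ORDERS.get(msg["order_id"])
    if order is None or order["status"] != "pending":
        return "rejected: unknown or already settled order"
    if msg["txn_id"] in SEEN_TXNS:
        return "rejected: replayed transaction"
    if msg["status"] != "completed":
        return "rejected: payment not completed"
    # Compare against the stored total, never a total echoed by the browser.
    if (Decimal(msg["amount"]), msg["currency"]) != (
            Decimal(order["total"]), order["currency"]):
        return "rejected: amount mismatch"
    SEEN_TXNS.add(msg["txn_id"])
    order["status"] = "paid"
    return "accepted"
```

Each rejection branch corresponds to one way the merchant's view of an order can drift from the cashier's view of a payment.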

In the video below, MSR researchers Shuo Chen and Shaz Qadeer, as well as PhD student and key author of this really interesting research paper, Rui Wang, join for a conversation about the implications of this research (another author of the paper is XiaoFeng Wang of Indiana University Bloomington).
