Security Hero Rotating Header Image

Flaw in https blows hole in ecommerce security

Flaw in https blows hole in ecommerce security

A serious flaw in the way ecommerce sites implement secure internet access based though the secure HTTPS protocol could put customers’ credit card details at risk, it was claimed today.

Internet users are aware that they should only give their credit card details to sites that use HTTPS protocol to encrypt the transmission of user details over the internet. But First Base Technologies has spotted a flaw in the way many web sites use HTTPS, that renders the encryption useless.

According to Peter Wood, chief of operations at First Base Technologies, the flaw allows a hacker to hijack the internet cookies used to manage secure sessions on HTTPS web servers. “Many websites do not flag the session cookie used by HTTPS as secure,” he said speaking at InfoSecurity 2009.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31054

Leave a Reply

Your email address will not be published. Required fields are marked *