The Network Security. Org

Half of U.K. shopping websites 'open to attack'

Security flaws in half of U.K. retailers' websites leave them open to attack, new research found.

The vulnerability centres on the "forgotten password" feature on the log-in pages that email shoppers their passwords. According to penetration testing company SecureTest, many of these websites can be subjected to a "brute force" or enumeration attack. It found that of the 107 retailers' sites visited, 54 of the sites, 50.5 per cent, could be vulnerable to this type of attack.

Enumeration is the process of looking for differences in the response from an application when submitting valid and invalid user accounts. On a retailer's website, the username or registered email address can be inserted correctly and incorrectly on the "forgotten password" page in order to look for these differences. Half of U.K. shopping websites 'open to attack' - IT Security News - SC Magazine US

More News

• NetWitness releases free version of security software
  



• Three Reasons Why Users Won’t Buy Into Security
  



• Automated security testing & its limitations
  



• How to Use Network Behavior Analysis Tools
  



• The insider security threat in IT and financial services
  



• Top 10 Network Security Threats
  



• Big leap in malicious Web sites
  



• Network security makes a quantum leap
  



• Microsoft Preps 11 Security Bulletins for Patch Tuesday
  



• Practical Defense in Depth
  



• Apple releases another mega-patch for Mac OS X
  



• Security flaw in smart cards poses risk for transit, building access
  



• Free TrojanProof Password Tool Released for Windows
  



• Security scans with OpenVAS
  



• Do ISPs pose a bigger online privacy threat than Google
  



• HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data
  



• Anatomy of a botnet
  



• Microsoft patches 8 critical bugs in Windows, Office
  



• Virtualization users should expect more attacks
  



• Threat From DNS Bug Is not Over, Experts Say