Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[ISN] Hacking Demonstration Shows Dangers of E-Commerce
From: mea culpa (jerichoDIMENSIONAL.COM)
Date: Thu Nov 04 1999 - 11:10:23 CST
Hacking Demonstration Shows Dangers of E-Commerce
Software to protect sites goes on market
JAN BOYD, STAN BUNGER
Monday, November 1, 1999
Before you get excited about doing all your Christmas shopping online, you
might want to read this: Peggy Weigle is CEO of a Silicon Valley software
company. She knows her way around a computer, and she's a regular Internet
But you won't catch her doing any online shopping this holiday season. ``I
probably would have done it last year,'' Weigle said. ``But knowing what I
know now, I'm physically going to the stores.''
The source of Weigle's fear is her company's founder, an Israeli military
veteran named Eran Reshef. Before she took the job at Perfecto
Technologies in Mountain View, Reshef showed Weigle how easily he could
penetrate an e-commerce Web site and find loads of detailed information.
We watched, too, as Reshef logged on to a bookseller's site. Within
minutes, he'd retrieved customer records dating back to 1997: thousands of
records, each listing name, address, e-mail address and book titles
Next, Reshef performed a little number he calls ``electronic
shoplifting'': He edited the site's online order form to reduce the price
of a book from $22.95 to $2.95. Had he gone a few steps farther, Reshef
actually could have purchased the book for the reduced price, adding a
whole new spin to Priceline.com's ``name-your-own-price'' marketing
Reshef's exploits didn't require any sophisticated software or
particularly detailed knowledge of computer code. ``The only thing you
need is an HTML editor that comes bundled with your Netscape or Internet
Explorer browser,'' he said. ``There is no magic to this.''
Although Web developers have put a great deal of effort into encrypting
customer data and building network fire walls to keep out hackers, the
approach Reshef used exploites another vulnerability: Web site
applications. The actual e-commerce software that lets you order a book or
CD online can be attacked.
Reshef learned the tricks of the trade during a five-year stint in the
Israeli Defense Force. Ask him what unit he served in and he replies, ``I
can't tell you.''
ISN is sponsored by Security-Focus.COM