October 18, 2012
Share on Twitter.
The latest monthly report by the SSL Labs project reveals that many eCommerce sites still remain vulnerable to the Beast Malware
attack, more than a year after the underlying security vulnerability was clearly demonstrated by security researchers all over
a network sniffer to decrypt the encrypted cookies that a targeted website uses to grant access to restricted user accounts.
October numbers from SSL Pulse survey of 179,000 popular websites secured with the ubiquitous secure sockets layer (SSL)
protocol demonstrates that 71 percent or more than 127,000 websites are still vulnerable to the BEAST attack.
And the latest numbers show little change from September figures, down just one percentage point from the 71.6 percent
vulnerable to the BEAST attack recorded in August.
Exposure to the so-called CRIME attack was also rampant, 41 percent of the sample support SSL Compression,
a key prerequisite of the attack in the first place.
The so-called Crime technique lures a vulnerable web browser into leaking an authentication cookie
created when a user starts a secure session with a website. Once the cookie has been obtained, it can be
used by hackers to log in to the victim's account on the site.
The root cause of the BEAST attack, first outlined by security researchers in September 2011, is a vulnerable
ciphersuite on servers. The dynamics of the CRIME attack are more complex but capable of being thwarted at
the browser or completely neutralized on a properly undated and configured server.
The SSL Pulse survey also looks at factors such the completeness of SSL certificate chains and cipher
strengths, among other factors.
Of the 179,000 sites surveyed, only 24,400 or 13.6 percent deserve the designation as "secure sites",
according to SSL Labs.
In other eCommerce news
In a bold and unexpected initiative that could open up a new path in the ongoing bricks-and-mortar versus eCommerce war, a consortium
of fifteen major retailers have joined forces to develop a new mobile payment system to directly compete against Google Wallet.
The group, which includes such American giants as 7-Eleven, Best Buy, CVS, Lowe's, Shell, Target and Walmart, has formed a
new company called Merchant Customer Exchange (MCX), which will offer a mobile-commerce solution under the same name.
"Combined, these participating member merchants already serve nearly every smartphone-enabled American on a daily basis,
offering MCX the merchants the ability to offer a mobile-commerce solution that truly works for consumers," the group's website
In a press release issued on August 15, the group said that the combined annual sales of its founding members totaled
around $1 trillion. Obviously, the MCX members would like to hang onto as much of that market as possible as the industry for mobile
payments rapidly grows.
According to a Juniper Research report, although sales of physical goods by mobile phone are only expected to account for
about 4 percent of retail transactions by 2017, they will amount to more than $1.3 trillion in total revenue.
But so far, MCX has shared little about how its payment system will work, except to say that development of its mobile application
is underway, and that it will offer a flexible solution that will offer merchants a customizable platform with the features and
functionality needed to best meet mobile consumers' needs.
The one telling statement it has made is that its application "will be available through virtually any smartphone." This would
seem to indicate that whatever form the MCX system takes, it will not be based on Near Field Communication (NFC), the pay-by-tap
technology that powers Google Wallet.
Currently, NFC is only available on a relatively select group of mobile handsets, which doesn't include any current iPhone
models. More likely, MCX will involve technologies that are already built into most smartphones, such as SMS messaging, web-mediated
transactions, or camera-based technologies such as QR codes.
In addition to Google Wallet, MCX faces competition from a number of other challengers. Leading the pack is ISIS, a payment system backed by mobile carriers AT&T, T-Mobile, Verizon and Square, a
startup currently valued at $3.25 billion, which last week received a $25 million investment from coffee megachain Starbucks.
The key to success for any of them will be convincing consumers to adopt the technology. MCX says it believes it can do that
by providing an efficient system that works across a variety of brick-and-mortar businesses, including retail, casual dining,
and fuel stations, in addition to allowing eCommerce transactions.
"As merchants, no one understands our customers' shopping and payment experience better than we do," said Best Buy's Mark Williams,
"and we're confident that together we can develop a technology solution that makes that experience more engaging, convenient and
Source: SSL Labs.
Get a great Ubuntu Linux dedicated server for less than $3 a day!
Share on Twitter
This article was featured on Business 5.0.
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you