Contact Us          Submit a News Story          News Archives          Home

E-Commerce News

Many eCommerce sites still remain vulnerable to the Beast malware

October 18, 2012

Share on Twitter.

The latest monthly report by the SSL Labs project reveals that many eCommerce sites still remain vulnerable to the Beast Malware attack, more than a year after the underlying security vulnerability was clearly demonstrated by security researchers all over the globe.

The 'Beast Malware' is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript code actually works with a network sniffer to decrypt the encrypted cookies that a targeted website uses to grant access to restricted user accounts.

October numbers from SSL Pulse survey of 179,000 popular websites secured with the ubiquitous secure sockets layer (SSL) protocol demonstrates that 71 percent or more than 127,000 websites are still vulnerable to the BEAST attack.

And the latest numbers show little change from September figures, down just one percentage point from the 71.6 percent vulnerable to the BEAST attack recorded in August.

Exposure to the so-called CRIME attack was also rampant, 41 percent of the sample support SSL Compression, a key prerequisite of the attack in the first place.

The so-called Crime technique lures a vulnerable web browser into leaking an authentication cookie created when a user starts a secure session with a website. Once the cookie has been obtained, it can be used by hackers to log in to the victim's account on the site.

The root cause of the BEAST attack, first outlined by security researchers in September 2011, is a vulnerable ciphersuite on servers. The dynamics of the CRIME attack are more complex but capable of being thwarted at the browser or completely neutralized on a properly undated and configured server.

The SSL Pulse survey also looks at factors such the completeness of SSL certificate chains and cipher strengths, among other factors.

Of the 179,000 sites surveyed, only 24,400 or 13.6 percent deserve the designation as "secure sites", according to SSL Labs.

In other eCommerce news

In a bold and unexpected initiative that could open up a new path in the ongoing bricks-and-mortar versus eCommerce war, a consortium of fifteen major retailers have joined forces to develop a new mobile payment system to directly compete against Google Wallet.

The group, which includes such American giants as 7-Eleven, Best Buy, CVS, Lowe's, Shell, Target and Walmart, has formed a new company called Merchant Customer Exchange (MCX), which will offer a mobile-commerce solution under the same name.

"Combined, these participating member merchants already serve nearly every smartphone-enabled American on a daily basis, offering MCX the merchants the ability to offer a mobile-commerce solution that truly works for consumers," the group's website says.

In a press release issued on August 15, the group said that the combined annual sales of its founding members totaled around $1 trillion. Obviously, the MCX members would like to hang onto as much of that market as possible as the industry for mobile payments rapidly grows.

According to a Juniper Research report, although sales of physical goods by mobile phone are only expected to account for about 4 percent of retail transactions by 2017, they will amount to more than $1.3 trillion in total revenue.

But so far, MCX has shared little about how its payment system will work, except to say that development of its mobile application is underway, and that it will offer a flexible solution that will offer merchants a customizable platform with the features and functionality needed to best meet mobile consumers' needs.

The one telling statement it has made is that its application "will be available through virtually any smartphone." This would seem to indicate that whatever form the MCX system takes, it will not be based on Near Field Communication (NFC), the pay-by-tap technology that powers Google Wallet.

Currently, NFC is only available on a relatively select group of mobile handsets, which doesn't include any current iPhone models. More likely, MCX will involve technologies that are already built into most smartphones, such as SMS messaging, web-mediated transactions, or camera-based technologies such as QR codes.

In addition to Google Wallet, MCX faces competition from a number of other challengers. Leading the pack is ISIS, a payment system backed by mobile carriers AT&T, T-Mobile, Verizon and Square, a startup currently valued at $3.25 billion, which last week received a $25 million investment from coffee megachain Starbucks.

The key to success for any of them will be convincing consumers to adopt the technology. MCX says it believes it can do that by providing an efficient system that works across a variety of brick-and-mortar businesses, including retail, casual dining, and fuel stations, in addition to allowing eCommerce transactions.

"As merchants, no one understands our customers' shopping and payment experience better than we do," said Best Buy's Mark Williams, "and we're confident that together we can develop a technology solution that makes that experience more engaging, convenient and efficient."

Source: SSL Labs.

Get your fully dedicated Plesk Linux server with a free Plesk control panel, a $40 per month value.

Add to     Digg this story Digg this

Get a great Ubuntu Linux dedicated server for less than $3 a day!

Share on Twitter

This article was featured on the Business 5.0 portal. Click here to visit the site.     This article was featured on Business 5.0.

Advertise on E-Commerce News

Advertise on E-Commerce News and increase your site's visibility while boosting your sales.

If you have a product or service that deals with the ecommerce or ebusiness field, advertising on E-Commerce News can bring you new sales leads and close new marketing channels. This news portal is read by over 25,000 people a week.

Businessmen and woman that either own an ecommerce website, an ebusiness franchise, a B2B commercial exchange or by people in all walks of life that need to keep abreast of this fast-changing field. For more information on the many advantages of advertising on our news portal or to request pricing information, please send us an email and a marketing representative will be glad to answer you promptly.

Contact | Submit News | News Archives | Home

Copyright E-Commerce News. All rights reserved.