The Security Mirage of the Browser Padlock
Feb 25, 2011, 00:03
By Idan Aharoni
"After your secure SSL session ends, merchants can theoretically
keep your entire customer profile in clear text. Attackers love to
exploit vulnerabilities in online stores to steal that data.
"During Anonymous' Operation Payback, in which they conducted
DDoS attacks against organizations that supposedly "wronged"
WikiLeaks, a part of the group suggested that they should try to
embarrass these organizations in other ways. One of the proposed
ideas was to create a fake list of several thousand credit cards,
claiming that they had been compromised. They anticipated that
this news would be perceived as shocking, causing damage to the
reputation of their targets. Why the group eventually decided
not to go ahead with the plan is unknown. A possible explanation
is that they learned the real numbers of compromised
credit cards. The TJX compromise alone spanned 45.6 million cards,
and the news media these days are filled with stories about other
mass compromises, so a bogus story about a few thousand compromised
cards wouldn't even make a dent.
"SSL False Sense of Security

The big compromises that hit the
news only tell a part of the story. As Black Hat hackers
traded their morals for profits long ago, smaller online merchants
have also been prey to hacking attempts."