Support at the Amazon online store is so good that it lets you chat with an agent without logging in (or reach one by phone).

Moreover, they are so willing to accommodate customers that they will change the delivery address of an order that has already been placed.

This is simply a gift to a social engineer.

For the store's ordinary customers this is very convenient: after an unexpected move or trip, the customer can call Amazon (or use the chat) and ask them to forward the latest order to the new address.

But it is just as convenient for attackers. Lately we hear more and more often that attackers are redirecting other people's Amazon orders to themselves.

The fraud scheme looks like this:

1. The attacker learns an order number of the form 103-4XXXXXX-XXXXXXX. Amazon order numbers, together with the list of items in each order, are sold on underground forums. The social engineer can even pick an order that contains the goods he wants. (more…)


SSL certificate verification

It turns out that Android application developers are not the only ones guilty of incompetent SSL implementations: similar mistakes are present in programs from leading software companies, including Amazon and PayPal.

Flawed SSL certificate verification has been found in mission-critical applications, SDKs, Java middleware, banking software and so on, which opens up the possibility of a MitM attack. It is hard to imagine anything worse, according to the researchers from Stanford University and the University of Texas who published the paper “The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software”. It is worth mentioning that this group of American researchers worked under the direction of Vitaly Shmatikov, a Candidate of Sciences at the University of Texas. (more…)