
Lack of HTTPS on Amazon 2015

If you are browsing Amazon and someone is capturing your data and connection, that person can easily see what you are browsing on Amazon and the things you buy. If you visit Amazon often, you may have noticed that Amazon is not using HTTPS everywhere on its website. Only a few pages are served over HTTPS.


The person who is spying can even see what has been purchased. This is how it can be done. Suppose you bought an iPod on Amazon one month ago. One day, you decide to check the warranty date. You go back to the website and click on My purchases. That page is secure (HTTPS). Then you click on your item, which takes you to a page that is not secure (HTTP). The hacker again gains access to what you are looking at. The hacker gains access because of the ref field in the URL bar, which tells the hacker which page the victim is coming from.

So, in this way, your security is compromised through the fault of the website. Stephen Merity found this problem and contacted Amazon. Their reply brought no good news, so he decided to share it with others. Stephen Merity wrote this on his blog:
I reported this to Amazon previously via their security email but received a boilerplate response. Considering anyone interested in utilizing this information leak would already be doing so, I feel it’s worth raising awareness about the situation. At the very least, it adds to some of my previous articles on the lack of default HTTPS on Google Analytics and when HTTP referrers appear and disappear.
This could have been easily fixed by removing the ref variable from the URL bar, but Amazon did nothing.
The attacker can also get other information, such as what was last purchased, or from whom, etc.
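
The following is an added example, not code from the original post or from Amazon: a site owner's check that flags links on a secure page which drop to HTTP or carry the ref marker, and produces the corrected link. It assumes the marker appears as a query parameter named `ref` or as a path segment starting with `ref=`; the host, paths and values are constructed.

```javascript
// Added example: audit the links on an HTTPS page for the leak described above.
// Assumption: page context travels as a query parameter named "ref" or as a
// path segment starting with "ref=". Hosts and values are constructed.
const CONTEXT_KEY = "ref";

function auditLink(pageUrl, href) {
  const page = new URL(pageUrl);
  const link = new URL(href, page); // resolves relative links against the page
  const findings = [];

  // A secure page that links to a cleartext page exposes the next request.
  if (page.protocol === "https:" && link.protocol === "http:") {
    findings.push("downgrade-to-http");
  }

  const segments = link.pathname.split("/");
  const kept = segments.filter((s) => !s.startsWith(CONTEXT_KEY + "="));
  const hasContext =
    kept.length !== segments.length || link.searchParams.has(CONTEXT_KEY);
  if (hasContext) findings.push("context-in-url");

  // Over HTTP the full path and query are readable by a passive observer.
  if (hasContext && link.protocol === "http:") {
    findings.push("context-visible-on-wire");
  }

  // Corrected link: HTTPS, with the context marker removed from path and query.
  const fixed = new URL(link.href);
  fixed.protocol = "https:";
  fixed.pathname = kept.join("/");
  fixed.searchParams.delete(CONTEXT_KEY);
  return { href: link.href, findings, fixed: fixed.href };
}

// Constructed sample: links found on a secure order-history page.
const SAMPLE_PAGE = "https://shop.example/orders";
const SAMPLE_LINKS = [
  "http://shop.example/gp/product/ITEM123/ref=order_history",
  "/gp/product/ITEM123?ref=order_history&size=m",
  "https://shop.example/help",
];

function auditPage(pageUrl, hrefs) {
  return hrefs.map((h) => auditLink(pageUrl, h)).filter((r) => r.findings.length);
}

console.log(auditPage(SAMPLE_PAGE, SAMPLE_LINKS));
```

Removing the marker alone still leaves the product path readable on an HTTP request, which is why the corrected link is also moved to HTTPS.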