Are your prices valid?

By Mark Gibbs, Network World | Software Add a new comment

April 03, 2001, 4:06 PM — Here’s a really silly problem that could be a major issue for your Web site: Hackers changing prices when they buy.

The way it works is pretty simple. You’re selling, say, a book for $14. The hacker saves the page that submits the purchase to the shopping cart and edits the price to, say, $1.40 in the saved page, and then uses a browser or HTML editor to publish the page to the URL that accepts the form.

The result for many sites is an erroneous shopping cart that can be processed as if it were real. Worse still, price alterations are often not caught when the basket is checked out -- indeed, the fraud may not be detected until the next audit!

So, make sure your Web ordering system checks prices as items are added to the shopping cart and then check them again on checkout.

Let me know if your Web site is immune to this problem, and if that’s because you’ve been caught by this hack. I promise not to tell anyone.

Add a comment

From CIO.com

From CSO Online

Eight features Windows 8 borrowed from Linux

17 comments
Will Do Not Track kill the 'free' Internet?

8 comments
How to avoid being tagged as a terrorist: Don't pay cash for coffee

4 comments
How to kill Web trackers dead

3 comments
Even after rewrites, Google Wallet retains gaping security holes, mainly due to Android

3 comments

Older
|
Newer

ITworld LIVE

crhylove_tw121250214 commented on Linux Mint 13 gets back to desktop basics
RightKlik_tw18925783 commented on Sony shows power outlets that can control electricity by user, device, or source
nkbflsfids9a commented on The Playstation Vita won't make phone calls, but a future Vita OS device might
nkbflsfids9a commented on Girl builds LEGO Millennium Falcon in about 4 hours (video)
nkbflsfids9a commented on Yahoo talks with Alibaba end abruptly; shares drop nearly 6%
nkbflsfids9a commented on The Ghostery in the machine: Tracking the trackers
nkbflsfids9a commented on Real-world superpowers: Eye surgery lets some see well into the ultraviolet
nkbflsfids9a commented on FSF asks web devs to ID JavaScript code
nkbflsfids9a commented on Move to mobile will bring big changes for Linux
nkbflsfids9a commented on RIM: Revival possible, or dead man walking?
nkbflsfids9a commented on Microsoft India store hacked, user database exposed
nkbflsfids9a commented on Is Google developing a Google TV+Music device?
nkbflsfids9a commented on Apple files complaint against Motorola in the US to prevent iPhone 4S litigation
nkbflsfids9a commented on FBI says social media monitoring won't infringe privacy rights
nkbflsfids9a commented on Sony shows power outlets that can control electricity by user, device, or source
nkbflsfids9a commented on Massive Air Force ERP software project still struggling
jnaze shared iPad apps for book lovers on Email
Cube commented on Sony shows power outlets that can control electricity by user, device, or source
Cube has just joined ITworld
Gerald Lau has just joined ITworld
ryanhellyer_tw14598449 commented on Chromebooks are the electric car of laptops
ryanhellyer_tw14598449 has just joined ITworld
rasel2011 has just joined ITworld
Mark Cummuta shared IT pay: Premiums for IT skills drop as IT departments reorganize on Twitter
robertoevans_tw16339975 commented on How to avoid being tagged as a terrorist: Don't pay cash for coffee
The white paper Guaranteeing 100% Backup Recovery was viewed
AppDevGuy asks How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
CorinaGraham has just joined ITworld
jimlynch answers What mobile apps are the worst offenders to user privacy?

SoftwareWhite Papers & Webcasts

White Paper

Best Practices Guide: Microsoft Exchange 2010 on VMware

This guide provides best practice guidelines for deploying Exchange Server 2010 on vSphere.

White Paper

Free Trial: vRanger, the Powerful VMware Recovery Solution

When disaster strikes, don't waste hours and dollars recovering critical data. vRanger delivers blazing-fast speed and granular recovery for your VMware applications and data. Get your free trial today.

White Paper

Executive Guide to Business and Software Requirements

This paper is designed as an executive briefing on the issues surrounding business and software requirements. It features a wealth of statistics and tactics to help you get requirements right, and includes a tear-out single page summary.

White Paper

How to Launch a Successful IT Automation Initiative

Corporations across all industries are under increasing pressure to cut costs and work more efficiently. In the race to meet both of these requirements, many organizations turn to technology, often purchasing and installing disparate pieces of software in hopes of achieving efficiencies not afforded by manual systems.

White Paper

Why Corporations Need to Automate IT Systems Management

With corporate budgets being slashed and leaders expecting more out of their employees, companies are forced to do more with less, yet are still expected to provide the highest quality experience to customers. This is pushing them to make better use of their IT assets without breaking the budget. Companies are under more pressure than ever, thanks to data management regulations; increasingly complex security threats; and growing demand from management and end users for 24/7 uptime and high performance. These hurdles require a strategic investment in technologies that boost efficiency, save money and position IT as an integral part of the entire firm's operations. IT systems management is helping corporations fill these gaps.

See more White Papers | Webcasts