Basic flaws in e-commerce systems are putting customer details and sensitive company information at risk, according to new research.
Web server flaws, poor authentication mechanisms and faulty log-out facilities are the most widespread problems.
Roy Hills, technical director at NTA Monitor, which conducted the research, said: "Simple faults are worryingly common and on a level that can be exploited even by the most unsophisticated hackers.
"Given that security issues are the biggest inhibitor for online buyers, we were surprised to find that companies are not sealing their defences more thoroughly."
The list of basic mistakes includes:
- Lack of security exposing root access to web servers.
- Logout facility not working, so that anyone using the PC directly afterwards can continue the session with full access to their account.
- Predictable authentication tokens which can be guessed to access other accounts on the system.
- Web servers that allow unencrypted access to secure areas, allowing information to be sent in the clear across the internet and sniffed in transit.
- Authentication token cookies cached on disk, so that anyone using the PC directly afterwards can log back into the session with full access to the account.
- Authentication fields not obscured during entry, so that people looking over a user's shoulder can see access details.
- Account lock mechanisms that do not work, leaving data unprotected from malicious brute force attacks.
- No protection against keystroke loggers allowing an attacker to log confidential information entered by the user.
- Weak password mechanisms where the system permits the user to choose insecure passwords, or no facility to change passwords.
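As an added illustration (not code from NTA Monitor's research), the sketch below puts the predictable-token flaw beside a hardened form. It also shows a logout that invalidates the session on the server and a cookie that is sent only over encrypted connections and carries no expiry. The `SessionStore` class, the `session_cookie` helper and the cookie name `session` are hypothetical names chosen for this example.

```python
import itertools
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side session table (hypothetical class for this example)."""

    def __init__(self, predictable=False):
        self._sessions = {}                     # token -> account
        self._counter = itertools.count(1000)   # used only by the flawed variant
        self._predictable = predictable

    def login(self, account):
        if self._predictable:
            # Flawed: sequential tokens, so the next user's token is own token + 1
            token = str(next(self._counter))
        else:
            # Hardened: 32 bytes from the OS CSPRNG, unrelated to any other token
            token = secrets.token_urlsafe(32)
        self._sessions[token] = account
        return token

    def account_for(self, token):
        return self._sessions.get(token)

    def logout(self, token):
        # Drop the session on the server, so a replayed cookie is rejected
        self._sessions.pop(token, None)


def session_cookie(token, clear=False):
    """Build the Set-Cookie value that issues or clears the session cookie."""
    cookie = SimpleCookie()
    cookie["session"] = "" if clear else token
    morsel = cookie["session"]
    morsel["secure"] = True      # never sent over unencrypted HTTP
    morsel["httponly"] = True    # not readable by page scripts
    morsel["path"] = "/"
    if clear:
        morsel["max-age"] = 0    # tell the browser to discard it immediately
    # No Expires/Max-Age when issuing: the browser treats it as a session
    # cookie rather than storing it as a persistent one.
    return morsel.OutputString()
```

Clearing the cookie in the browser is not enough on its own; the server-side `logout` is what stops a copied token from being accepted afterwards.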