Basic flaws in e-commerce systems are putting customer details and sensitive company information at risk, according to new research.
Web server flaws, poor authentication mechanisms and faulty log-out facilities are the most widespread problems.
Roy Hills, technical director at NTA Monitor, which conducted the research, said: "Simple faults are worryingly common and on a level that can be exploited even by the most unsophisticated hackers.
"Given that security issues are the biggest inhibitor for online buyers, we were surprised to find that companies are not sealing their defences more thoroughly."
The list of basic mistakes includes:
- Lack of security exposing root access web servers.
- Logout facility not working, so that anyone using the PC directly afterwards can continue the session with full access to their account.
- Predictable authentication tokens which can be guessed to access other accounts on the system.
- Web servers that allow unencrypted access to secure areas, allowing information to be sent in the clear across the internet and sniffed in transit.
- Authentication token cookies cached on disk, so that anyone using the PC directly afterwards can log back into the session with full access to the account.
- Authentication fields not obscured during entry, so that people looking over a user's shoulder can see access details.
- Account lock mechanisms that do not work, leaving data unprotected from malicious brute force attacks.
- No protection against keystroke loggers allowing an attacker to log confidential information entered by the user.
- Weak password mechanisms where the system permits the user to choose insecure passwords, or no facility to change passwords.
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days
Sudden increases in availability of sniper rifles on Vikendi