Slide1
E-Commerce
Emilee King
Slide2
Introduction
Ecommerce.About.com defines e-commerce, or electronic commerce, as “Transacting or facilitating business on the Internet.”
Use is growing because of convenience and cost differences, both for customers and for business owners.
According to Prosper Insights & Analytics, 34% of Americans say that they completed 50% or more of their shopping online; that’s a 99% increase from the 2006 shopping season.
Slide3
Web Spoofing
Web spoofing is when someone builds a web site that looks like the site the user believes they are visiting, so the user gives the hoax website all of their information, thinking it is the site they wanted to go to.
Most of these websites rely on the user accidentally mistyping the address of the website they wanted to go to, or on the hacker sending fake emails saying the user needs to reset their password or verify their information.
Slide4
eBay’s Problem with Web Spoofing
Classified ads on eBay are being exploited: the listings are modified with JavaScript redirects and proxies.
JavaScript embedded within the item's description automatically redirects the victim's browser to the attacker's website.
The victim is completely unaware and usually gives the scammer money.
Slide5
How Is eBay Handling This?
Essentially, they aren’t.
Since the scams are happening in the classified section, the buyers and sellers are not protected by eBay.
eBay put a new clause in their terms and conditions saying that users are not allowed to use JavaScript in their listings, so a user gets banned if they are caught.
Since the scammers use compromised accounts, eBay ends up banning someone who just got their password stolen.
Slide6
How Easy Is This To Fix?
Pretty darn easy.
Seriously, just Google “How to secure an iFrame”.
eBay would just append to their terms and conditions rather than fix the problem.
Slide7
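The iframe hardening mentioned for the eBay listing problem above, as an added example that is not from the original slides or from eBay's code: the seller's description is rendered in an iframe with an empty `sandbox` attribute, so embedded JavaScript cannot run or redirect the tab, and `auditSandbox` reports tokens that would undo that. The function names and the sample description are assumptions made for illustration.

```javascript
// Added example; listingFrame, auditSandbox and the sample input are hypothetical names.

// Sandbox tokens that hand control back to untrusted, seller-supplied listing markup.
const RISKY_TOKENS = new Map([
  ['allow-scripts', 'listing JavaScript would run'],
  ['allow-top-navigation', 'frame could send the whole tab to another site'],
  ['allow-top-navigation-by-user-activation', 'a click in the frame could navigate the tab'],
  ['allow-popups', 'frame could open new windows'],
  ['allow-forms', 'frame could submit forms to any site'],
  ['allow-same-origin', 'frame would share the marketplace origin (cookies, storage)'],
]);

// Escape a string for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// List the reasons a sandbox attribute value is unsafe for listing content.
// null/undefined means the attribute is absent, so the frame is unrestricted.
function auditSandbox(sandboxValue) {
  if (sandboxValue == null) return ['no sandbox attribute: frame is unrestricted'];
  return sandboxValue.toLowerCase().split(/\s+/)
    .filter((token) => RISKY_TOKENS.has(token))
    .map((token) => `${token}: ${RISKY_TOKENS.get(token)}`);
}

// Wrap the description in a frame with an empty sandbox: scripts are disabled,
// top-level navigation is blocked, and the content gets a unique opaque origin.
function listingFrame(descriptionHtml) {
  return '<iframe sandbox="" referrerpolicy="no-referrer" ' +
    `srcdoc="${escapeAttr(descriptionHtml)}"></iframe>`;
}

// Constructed sample: a description that carries a script element.
const sample = '<p>2009 sedan, "low" mileage</p><script>/* seller script */</script>';
console.log(listingFrame(sample));
console.log(auditSandbox('allow-scripts allow-same-origin')); // two findings
console.log(auditSandbox(''));                                // no findings
```

The same audit can be run over the `sandbox` values found in existing templates to spot frames that were loosened over time.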
Denial of Service Attacks
Standard DDoS attacks
Smokescreen DDoS attacks
New Amplified DDoS attacks
Slide8
Standard DDoS Attacks
DDoS attacks hurt e-commerce sites through loss of revenue and damage to the company’s brand image and its relationship with its customers.
Attackers tell botnets to contact a specific server or Web site repeatedly.
This can generate enough traffic to slow the site or in some cases take the site offline.
Slide9
Amazon and DDoS
In 2009, major e-commerce sites such as Wal-Mart and Amazon were the target of a DDoS attack that took down their sites for an hour.
It’s just an hour, right? How much can a business lose for not selling things for an hour?
When Amazon went down for just 40 minutes last year, Forbes estimated the online retail giant lost $66,240 per minute, totaling nearly $2 million.
Slide10
Amazon’s Solution
Elastic Infrastructure or EC2
Designed to automatically scale to handle giant traffic spikes.
Proven effective when the hacktivist group Anonymous tried a DDoS attack after Amazon stopped hosting WikiLeaks following the leak of US documents.
Slide11
Smoke Screen DDoS
These are shorter but more intense attacks that are not intended to take a site down.
While IT staff are distracted trying to take care of a DDoS attack, they are not monitoring everything else for a breach.
So criminals come in and steal private data and intellectual property, and in some cases delete information from organizations’ servers.
In one case, crooks used DDoS to help steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours.
Slide12
New Amplified Attacks
http://youtu.be/BcDZS7iYNsA?t=5m40s
CloudFlare’s data centers were recently attacked, and the attack reached bandwidths of 400 gigabits per second.
Slide13
Why This Matters
E-Commerce is now a common practice and it’s not going to go away.
We need to be able to build secure sites, or fix them, to avoid eBay’s problem, or work on solutions like EC2.
Slide14
References
Clay, K. (2013, August 19). Amazon.com Goes Down, Loses $66,240 Per Minute. Retrieved from Forbes: http://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute/
Drenik, G. (2014, February 03). Year Of Reckoning For Brick And Mortar Retailers. Retrieved from Forbes: http://www.forbes.com/sites/prospernow/2014/02/03/year-of-reckoning-for-brick-and-mortar-retailers/
Invesp. (2011, July 18). How Big Is E-commerce Industry. Retrieved from Invespsoft: http://www.invespsoft.com/blog/ecommerce/how-big-is-ecommerce-industry.html
Lemos, R. (2013, September 9). Countering Attacks Hiding In Denial-Of-Service Smokescreens. Retrieved from Dark Reading: http://www.darkreading.com/analytics/threat-intelligence/countering-attacks-hiding-in-denial-of-service-smokescreens/d/d-id/1140474?
Mello, J. J. (2014, February 12). Hackers Perfectly Time Largest DDoS Attack Ever. Retrieved from E Commerce Times: http://www.ecommercetimes.com/story/79965.html
Mutton, P. (2014, April 28). Fraudsters modify eBay listings with JavaScript redirects and proxies. Retrieved from NetCraft: http://news.netcraft.com/archives/2014/04/28/fraudsters-modify-ebay-listings-with-javascript-redirects-and-proxies.html
Neustar. (2014, April 28). Smokescreening: Data Theft Makes DDoS More Dangerous. Retrieved from CircleID: http://www.circleid.com/posts/20140428_smokescreening_data_theft_makes_ddos_more_dangerous/
Time. (1999, December 27). 1999 Person of the Year. Retrieved from Time.com: http://web.archive.org/web/20000408032804/http://www.time.com/time/poy/bezos5.html