登录查看更多内容

Hackers used an https digital certificate to help capture BA customers’ card data

Rob Griffin

发布日期: 2018年9月13日

The BA heist exploited the inadequacies of digital certificates' security by using a supposedly trusted https domain, baways.com, to gather users’ card data that had been captured through a Javascript injection.

Not only do the shortcomings of digital certificates leave users with inadequate trust in a counterparty but they are now being actively exploited to defraud them.

How many more users need to be defrauded as a result of the failings of digital certificates before people realise the system is fundamentally broken?

Omlis addresses the security vulnerabilities of digital certificates head-on. To find out more, please get in touch.

要查看或添加评论，请登录

Rob Griffin的更多文章

WASTED TIME AT WORK

2022年6月30日

WASTED TIME AT WORK

A new study by academics from an Enterprise Partnership between Maryland and Delaware Universities has sought to…

9 条评论
FOR SALE: 21 million passwords for Fortune 500 companies

2019年11月4日

FOR SALE: 21 million passwords for Fortune 500 companies

This week it was found that over 21 million usernames and passwords for Fortune 500 companies are available for sale on…

1 条评论
Excluding fraud, Username and Password attacks cost the average company $4m per year. Solve the problem with MIRACL and banish Usernames and Passwords

2019年5月1日

Excluding fraud, Username and Password attacks cost the average company $4m per year. Solve the problem with MIRACL and banish Usernames and Passwords

Yesterday Akamai and Ponemon published research on the problem of credential stuffing where hackers play on the…

4 条评论
The World’s Local Bank Just Got Hacked

2018年11月8日

The World’s Local Bank Just Got Hacked

Two days ago the California Attorney General’s Office disclosed that on 2nd November HSBC Bank USA sent out an alert of…
The Crisis of Credential Theft

2017年11月16日

The Crisis of Credential Theft

This week Google published new research on stolen credentials (usernames and passwords) assessing the risk they pose to…
2017 US Data Breaches Rise 33% for Business and 63% for Finance Sectors

2017年10月30日

2017 US Data Breaches Rise 33% for Business and 63% for Finance Sectors

The Identity Theft Resource Center published data last week showing huge increases in the number of data breaches that…

1 条评论
Get rid of the hackers' honeypot!

2017年10月13日

Get rid of the hackers' honeypot!

The latest security breach of a central key repository a few days ago probably could have been the biggest ever!…

2 条评论
Mozilla echoes Google’s Mistrust of the World’s #1 Certificate Authority.

2017年5月17日

Mozilla echoes Google’s Mistrust of the World’s #1 Certificate Authority.

In spite of Symantec announcing at the end of April sweeping changes to reinstate trust within its Certificate…
The World’s #1 Browser Doesn’t Trust The World’s #1 Certificate Authority.

2017年4月1日

The World’s #1 Browser Doesn’t Trust The World’s #1 Certificate Authority.

Given how much we need improved trust on the Internet, one might hope that this headline was an April Fool. Sadly it is…
MWC - Malware World Congress?

2017年3月1日

MWC - Malware World Congress?

To coincide with Mobile World Congress, on Tuesday Kaspersky published its 2016 report on mobile malware attacks. The…

See all articles

Hackers used an https digital certificate to help capture BA customers’ card data

Rob Griffin

Rob Griffin的更多文章

社区洞察

其他会员也浏览了

Passout....passgas....PASSPHRASE!

Freedom Mobile Reset Password Hack

Your security is for sale on the vulnerability market

The Secret Spy... your camera.

What is HTTP & HTTPS....?

XSS | The worst case scenario

Password spraying

Weird New Cerber Ransomware Speaks To Its Victims

How Multi-Factor is used to authenticate the secure way.

Web Browser Security

Rob Griffin的更多文章

WASTED TIME AT WORK

FOR SALE: 21 million passwords for Fortune 500 companies

Excluding fraud, Username and Password attacks cost the average company $4m per year. Solve the problem with MIRACL and banish Usernames and Passwords

The World’s Local Bank Just Got Hacked

The Crisis of Credential Theft

2017 US Data Breaches Rise 33% for Business and 63% for Finance Sectors

Get rid of the hackers' honeypot!

Mozilla echoes Google’s Mistrust of the World’s #1 Certificate Authority.

The World’s #1 Browser Doesn’t Trust The World’s #1 Certificate Authority.

MWC - Malware World Congress?

社区洞察

其他会员也浏览了

Passout....passgas....PASSPHRASE!

Freedom Mobile Reset Password Hack

Your security is for sale on the vulnerability market

The Secret Spy... your camera.

What is HTTP & HTTPS....?

XSS | The worst case scenario

Password spraying

Weird New Cerber Ransomware Speaks To Its Victims

How Multi-Factor is used to authenticate the secure way.

Web Browser Security