E-Commerce Emilee King
Introduction
• Ecommerce.About.com defines e-commerce, or electronic commerce, as “Transacting or facilitating business on the Internet.”
• Its use is growing because of convenience and cost differences, both for customers and for business owners.
• According to Prosper Insights & Analytics, 34% of Americans say that they completed 50% or more of their shopping online—that’s a 99% increase from the 2006 shopping season.
Web Spoofing
• Web spoofing is when a person builds a website that looks like the site the user believes they are visiting, so the user gives the hoax website all of their information, thinking it is the site they wanted to go to.
• Most of these websites rely on the user accidentally mistyping the address of the website they wanted to visit, or result from the hacker sending fake emails saying the user needs to reset their password or verify their information.
eBay’s Problem with Web Spoofing
• Classified ads on eBay are being exploited by modifying the listings with JavaScript redirects and proxies.
• JavaScript embedded within the item's description will automatically redirect the victim's browser to the attacker's website.
• The victim is completely unaware and usually gives the scammer money.
How Is eBay Handling This?
• Essentially, they aren’t.
• Since the scams are happening in the classified section, the buyers and sellers are not protected by eBay.
• eBay put a new clause in their terms and conditions saying that users are not allowed to use JavaScript in their listings, so a user gets banned if they are caught.
• Since the scammers use compromised accounts, eBay ends up banning someone who just got their password stolen.
How Easy Is This To Fix?
• Pretty darn easy.
• Seriously, just Google “How to secure an iFrame”
• eBay would rather add to their terms and conditions than fix the problem.
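
One way to apply the iframe advice above, as an added example that is not from the original slides and is not eBay's code: seller-supplied description HTML is rendered inside a sandboxed iframe, and a small check flags frames that would still allow the redirect. The function names and the sample description are constructed for illustration.

```javascript
// Added example; all names are hypothetical, sample data is constructed.

// Constructed listing description carrying the kind of redirect described above.
const SAMPLE_DESCRIPTION =
  '<p>Mint condition.</p><script>top.location="https://attacker.example/"</script>';

// Escape text for use inside a double-quoted HTML attribute value.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Wrap seller-supplied HTML so it renders but cannot run script
// or navigate the page that embeds it.
function sandboxedListingFrame(descriptionHtml) {
  // An empty sandbox attribute turns every restriction on: no script,
  // no form submission, no top-level navigation, opaque origin.
  return '<iframe sandbox="" srcdoc="' + escapeAttr(descriptionHtml) +
    '" title="Item description"></iframe>';
}

// Sandbox tokens that re-enable script or navigation of the embedding page.
const RISKY_TOKENS = [
  "allow-scripts",
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
];

// Template-review check (a regex, not an HTML parser): list the reasons an
// <iframe> tag would still let embedded content redirect the visitor.
function auditIframeTag(tag) {
  const m = /\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*)))?(?=[\s>\/])/i.exec(tag);
  if (!m) return ["no sandbox attribute: embedded script is unrestricted"];
  const tokens = (m[1] ?? m[2] ?? m[3] ?? "").toLowerCase().split(/\s+/).filter(Boolean);
  return tokens.filter((t) => RISKY_TOKENS.includes(t)).map((t) => "sandbox grants " + t);
}

console.log(auditIframeTag('<iframe src="https://listing.example/d.html"></iframe>'));
console.log(auditIframeTag(sandboxedListingFrame(SAMPLE_DESCRIPTION)));
```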
Denial of Service Attacks
• Standard DDoS attacks
• Smokescreen DDoS attacks
• New Amplified DDoS attacks
Standard DDoS Attacks
• DDoS attacks hurt e-commerce sites through lost revenue, damage to the company’s brand image, and damage to the company’s relationship with its customers.
• Attackers tell botnets to contact a specific server or Web site repeatedly.
• This can generate enough traffic to slow the site or in some cases take the site offline.
Amazon and DDoS
• In 2009, major e-commerce sites such as Wal-Mart and Amazon were targets of a DDoS attack that took down their sites for an hour.
• It’s just an hour, right? How much can a business lose by not selling things for an hour?
• When Amazon went down for just 40 minutes last year, Forbes estimated the online retail giant lost $66,240 per minute, totaling nearly $2 million.
Amazon’s Solution
• Elastic Infrastructure or EC2
• Designed to automatically scale to handle giant traffic spikes.
• Proven effective when hacktivist group Anonymous tried a DDoS attack after Amazon stopped hosting WikiLeaks after US documents were leaked.
Smoke Screen DDoS
• These are shorter but more intense attacks that are not intended to take a site down.
• While IT staff are distracted trying to take care of a DDoS attack, they are not monitoring everything else for a breach. So criminals come in and steal private data and intellectual property, and in some cases delete information from organizations’ servers.
• In one case, crooks used DDoS to help steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours.
New Amplified Attacks
• http://youtu.be/BcDZS7iYNsA?t=5m40s
• CloudFlare’s data centers were recently attacked, and the attack reached a bandwidth of 400 gigabits per second.
Why This Matters
• E-commerce is now a common practice, and it’s not going to go away.
• We need to be able to build secure sites, or fix existing ones, to avoid eBay’s problem, or work on solutions like EC2.
References
• Clay, K. (2013, August 19). Amazon.com Goes Down, Loses $66,240 Per Minute. Retrieved from Forbes: http://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute/
• Drenik, G. (2014, February 03). Year Of Reckoning For Brick And Mortar Retailers. Retrieved from Forbes: http://www.forbes.com/sites/prospernow/2014/02/03/year-of-reckoning-for-brick-and-mortar-retailers/
• Invesp. (2011, July 18). How Big Is E-commerce Industry. Retrieved from Invespsoft: http://www.invespsoft.com/blog/ecommerce/how-big-is-ecommerce-industry.html
• Lemos, R. (2013, September 9). Countering Attacks Hiding In Denial-Of-Service Smokescreens. Retrieved from Dark Reading: http://www.darkreading.com/analytics/threat-intelligence/countering-attacks-hiding-in-denial-of-service-smokescreens/d/d-id/1140474?
• Mello, J. J. (2014, February 12). Hackers Perfectly Time Largest DDoS Attack Ever. Retrieved from E Commerce Times: http://www.ecommercetimes.com/story/79965.html
• Mutton, P. (2014, April 28). Fraudsters modify eBay listings with JavaScript redirects and proxies. Retrieved from NetCraft: http://news.netcraft.com/archives/2014/04/28/fraudsters-modify-ebay-listings-with-javascript-redirects-and-proxies.html
• Neustar. (2014, April 28). Smokescreening: Data Theft Makes DDoS More Dangerous. Retrieved from CircleID: http://www.circleid.com/posts/20140428_smokescreening_data_theft_makes_ddos_more_dangerous/
• Time. (1999, December 27). 1999 Person of the Year. Retrieved from Time.com: http://web.archive.org/web/20000408032804/http://www.time.com/time/poy/bezos5.html