Submitted by vadym on Sun, 09/28/2014 - 21:28
While there are some bugs in the Authorize.net plugins for Drupal Commerce and WordPress WooCommerce, Authorize.net SIM/DPM itself does not provide sufficient security protection. In this post I am going to show the weakest point of the Authorize.net SIM/DPM process. You can easily complete multiple orders but pay for only a single one. This is, however, true if you make multiple orders for the same amount.
Submitted by vadym on Mon, 09/15/2014 - 20:52
Submitted by vadym on Sun, 09/07/2014 - 17:38
In this article I am going to show you how to cheat Drupal Commerce. I will make 2 orders: one for $1000 and another for $30. Due to weaknesses in Authorize.net SIM/DPM and the way the Commerce Authnet SIM/DPM module processes payments, I will be able to pay $30 for a $1000 order. All I need is a modern browser with an HTML Inspector.
Submitted by vadym on Sat, 08/30/2014 - 22:42
At one of my previous jobs we had a client whose organisation was crazy about the security of customer data, such as credit card numbers or billing info. They wanted to make their online store PCI compliant. Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard that was created to increase control around cardholder data to reduce credit card fraud via its exposure. However, it does not mean that this standard makes merchants more secure. In fact, there are some new vulnerabilities that I am going to show you in this article.