|
Title: Bing cashback exploit discovered, Microsoft sends in lawyers Post by: Tanya on November 11, 2009, 01:46:47 PM Bing cashback exploit discovered, Microsoft sends in lawyers
A Bing cashback vulnerability has been discovered by Samir Meghani of the Bountii Team. The flaw exists due to a software API oversight that allows users to fake transactions to Bing. Currently, Bing does not detect these faked transactions. The flaw affects both the customer and merchant. According to Samir, in his original posting, "merchants have a few options for reporting, but Bing suggests using a tracking pixel. Basically, the merchant adds a tracking pixel to their order confirmation page, which will report the the transaction details back to Bing." Samir detailed that the process was flawed but didn't pin point exactly how to generate fake transactions. Continue at Neowin Send via e-mail | Submit to Digg | Add to Live Favorites http://feeds.bink.nu/~r/binkdotnu/~3/xxiuhr9oUzw/bing-cashback-exploit-discovered-microsoft-sends-in-lawyers.aspx |