Amazon Security Breach Impacts Millions of Users

Northbrook, IL, February 7, 2005 – Beyond-IP (www.beyond-ip.com), the US distributors of Beyond Security, today announced that the Beyond Security Automated Scanning Appliance has discovered a security breach on http://www.amazon.com.

This security breach enables hackers to steal passwords and make purchases using stolen account information. The vulnerability is caused by Amazon.com's inadequate filtering of user-provided data. Once this data is introduced into the web page returned by Amazon.com's web server, the user’s browser can no longer distinguish between what is really part of Amazon.com's web site and what is part of the attack being performed.

The vulnerability uncovered on the Amazon.com website is a Cross-Site Scripting (XSS) vulnerability which enables hackers to serve false content within Amazon.com and to steal users' cookie information.

Serving false content within Amazon.com's web site has been used in the past to steal passwords, incite people into buying things by offering them false prices or items, and perform other types of phishing (scam) attacks.

After Beyond Security's Scanning appliance uncovered this vulnerability on January 18, 2004, an email was sent to Amazon.com informing them of this breach as is common in the industry.

Though Amazon.com patched the specific instance that was reported, the vulnerability still exists.

Amazon.com was quick to fix only part of the vulnerability by placing restrictions on one of the parameters the user can provide, neglecting to place restrictions on all the values received from the user, which were equally vulnerable.
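As an added illustration, not taken from the release and not Amazon.com's code, the following Python shows the two situations the release describes: a page handler that encodes only one reflected parameter, beside one that encodes every user-supplied value, together with a regression check that reports any parameter still reflected into the page unencoded. The parameter names and the sample query string are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query: two user-supplied parameters, the second carrying a
# harmless script tag that serves only as a marker for raw reflection.
SAMPLE_QUERY = "search=books&category=<script>marker()</script>"


def _params(query: str) -> dict:
    """First value of each query parameter, as a plain dict."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def render_partial_fix(query: str) -> str:
    """The 'one parameter restricted' situation: only `search` is HTML-encoded,
    while `category` is still written into the page exactly as received."""
    p = _params(query)
    search = html.escape(p.get("search", ""), quote=True)
    category = p.get("category", "")  # not encoded: reflected verbatim
    return f"<p>Results for {search} in {category}</p>"


def render_hardened(query: str) -> str:
    """Encode every user-supplied value before it reaches the HTML, regardless
    of which parameter it arrived in."""
    safe = {k: html.escape(v, quote=True) for k, v in _params(query).items()}
    return f"<p>Results for {safe.get('search', '')} in {safe.get('category', '')}</p>"


def reflected_unencoded(query: str, render) -> list:
    """Defender's regression check: list every parameter whose raw value, still
    containing a '<', survives the round trip into the rendered page unchanged.
    A raw '<' that comes back verbatim means output encoding was skipped."""
    page = render(query)
    return [k for k, v in _params(query).items() if "<" in v and v in page]
```

Running the check against both handlers with the same query shows the partial fix still reflecting `category` raw, while the hardened handler reflects nothing unencoded.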

Beyond Security develops an appliance which conducts ongoing penetration testing. As part of their regular testing of the appliance, Amazon.com was tested. Beyond Security typically probes Amazon because of Amazon's reputation for being a very secure e-commerce website.

About Cross-Site Scripting Vulnerabilities

http://www.securiteam.com/securitynews/6T00D206AC.html
http://www.securiteam.com/securityreviews/5FP000A81E.html
http://www.securiteam.com/securityreviews/6D0030A8KI.html

About Beyond-IP

For organizations concerned about regulatory compliance or dissatisfied with the network security audit services provided by their consulting firms, Beyond-IP provides an Automated Vulnerability Management Appliance that provides a higher quality, lower cost network vulnerability assessment and management than any other alternative. The Automated Vulnerability Management Appliance performs a security mapping of your network and simulates attacks originating from either the internal or the external network. Once the security scanning is complete, the software generates a detailed vulnerability report specifying the security breaches, along with practical solutions to fix those vulnerabilities. Beyond-IP's solutions allow simplified measurement, monitoring and management of vulnerabilities over time. Beyond-IP is the US arm of Beyond Security LTD. To learn more, visit www.beyond-ip.com.

About Beyond Security

Beyond Security is a leading provider of security assessment technologies. Beyond Security specializes in developing solutions for network security, providing detection and prevention tools. Solutions include internal network, external network and product security audits. Beyond Security owns and administers the world's largest independent security portal, SecuriTeam.com. This portal gives security professionals from around the world critical information on new security threats and vulnerabilities, and it provides background data, fixes, patches and workarounds to identified threats, 24 hours a day, 365 days a year, making it one of the most comprehensive security resources in the world. SecuriTeam currently receives over one million unique page impressions per month from security professionals worldwide and it contains over 6,500 pages of linked. To learn more, visit www.SecuriTeam.com.

Contact for Beyond-IP, LLC

Ben Bradley
ben@maocnraine.com
630-221-9844