200,000 e-commerce sites vulnerable; Microsoft filter blocks Australian sites; Xero doubles annual losses


By Andrew Collins
Tuesday, 28 April, 2015



Almost 200,000 websites relying on the Magento e-commerce platform are vulnerable to a newly revealed exploit, according to IT security vendor Check Point Software.

The security vendor last week revealed that its Malware and Vulnerability Research Group had discovered a critical remote code execution (RCE) vulnerability in the Magento e-commerce platform.

If exploited, the vulnerability allows the attacker to “fully compromise” any online store based on Magento, the vendor said. The vulnerability allows an attacker to “bypass all security mechanisms” and gain control of an online store and its complete database.

This could give the attacker access to credit card information and other customer financial and personal data, the vendor said. The vulnerability is said to affect nearly 200,000 online shops.

“This attack is not limited to any particular plug-in or theme. All the vulnerabilities are present in the Magento core, and affect any default installation of both Community and Enterprise Editions,” a blog post from Check Point said.

“The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores - which represents about 30% of the e-commerce market,” said Shahar Tal, malware and vulnerability research manager at Check Point Software Technologies.

The security vendor said it privately disclosed the vulnerability and a list of suggested fixes to eBay - which owns the Magento platform - before making a public announcement. A patch to address the flaws was released in February this year.

The aforementioned Check Point blog post has more details on the vulnerability and is worth a read for anyone suspecting they may be at risk.

Microsoft filter blocks Aussie sites

The purportedly legitimate websites of several Australian businesses and educational institutions were blocked for up to five hours last week by Microsoft’s SmartScreen filter, denying users access to the sites, according to a news report from ITnews.

SmartScreen is a feature of several versions of Microsoft Internet Explorer that checks sites users visit against a dynamic list of reported phishing and malicious software websites. If a site a user visits matches one on the list, the user is given a warning letting them know that the site has been blocked.

ITnews reported that system administrators and website operators last Wednesday began complaining that their purportedly legitimate websites had been blocked and reported as unsafe by SmartScreen on Internet Explorer 11.

Websites blocked included those for Supercheap Auto, Ninemsn, La Trobe University, Melbourne University, the University of Wollongong, the University of the Sunshine Coast and Endeavour College.

According to ITnews, the “errant site blocking” was likely the result of an issue with the dynamic list that SmartScreen relies on.

One user wrote on Microsoft’s Technet website: “I find it hard to believe that our websites can simply be blocked by this SmartScreen filter, without providing us with any evidence or even contacting us to verify the legitimacy of our website.”

“How can Microsoft simply add our site to a ‘blacklist’ of sorts, without properly and correctly reviewing our site to confirm what has been reported? I find this to be extremely unprofessional and even be classed as defamation.”

ITnews quoted an anonymous sysadmin from another affected business who told the news website that the blocking had caused reputational damage to his company.

Xero doubles annual loss despite revenue growth

Online accounting software company Xero has reported an annual loss of NZ$69.5 million, almost double the losses of the previous financial year, while also reporting a 76% increase in operating revenue.

According to The Sydney Morning Herald, Xero revealed it had made an annual loss in the year ending 31 March of NZ$69.5 million - an almost 96% increase over the previous year’s annual loss of NZ$35.5 million.

However, operating revenue for the year ending 31 March came in at NZ$123 million, an increase of almost 76% from the previous year’s figure of NZ$70 million.

According to the Australian Financial Review, Xero’s operating expenses (including depreciation and amortisation) for this latest year rose 84% to NZ$201 million from the previous year.

Sales and marketing expenses for the recent year reportedly jumped 69% to NZ$93.7 million from the previous year, while investment in product and design rose to NZ$48.9 million and general and administration expenses more than doubled to NZ$24.5 million.
