Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,199,379 members, 7,971,375 topics. Date: Thursday, 10 October 2024 at 09:03 AM |
Nairaland Forum / Science/Technology / Webmasters / Shoplift Bug: Magento Security Flaw (392 Views)
Google’s Project Zero Exposes New Microsoft Edge Security Flaw / Security Flaw Left Major Banking Apps Vulnerable To Mitm Attacks Over SSL / Firefox Users, Here's A Security Flaw You'll Need To Fix (2) (3) (4)
(1) (Reply)
Shoplift Bug: Magento Security Flaw by todhost(m): 10:37am On Sep 27, 2015 |
Source: https://www.todhost.com/blog/spam-management-on-a-joomla-website.html Is Magento seeing the end of its life cycle. Many will think so with the news of a major security flaw. "Shoplift Bug" "Shoplift" bug which allows an attacker to take complete command of a Magento store and its server. First came the news of eBay looking to sell eBay Enterprises, the parent company of Magento, leaving the future of Magento itself unclear. Now Magento faces one of the most bizarre security releases ever. In January 2015, a security company called Check Point found a high critical security flaw in all Magento sites. The "Shoplift" bug. Check Point disclosed this issue privately to Magento in January with a list of suggested fixes to eBay. On February 9: Magento released a patch for the security flaw. The patch SUPEE-5344 was not marked as a security release and was behind a login wall. Mid-April: Check Point notified Magento that they will finally publish details of the bug. April 16: Magento sent out a second, more urgent email to its mailing list. April 19: Magento placed a warning message inside the dashboard of Magento sites. April 20: The security issue was made public by Check Point. Magento's handling of the issue has been criticized and anyone downloading Magento today will be vulnerable as the community version of Magento hasn't been updated since 2014. Of critical concern is that 10 weeks after the patch was released, 60% of Magento sites remain unpatched, according to the creators of a test to see whether websites are vulnerable to the Shoplift bug. The handling of this critical bug could mark the end of an already slugish software - Magento e-commerce. |
(1) (Reply)
Get Your Website Ebook And Build Your Own Website Within Weeks / Non-hosted Nigerian Verified Adsense Needed Asap / Microsoft May Allow Windows 10 Activation With Windows 7/8.1 Keys
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 10 |