Tuesday, May 26, 2015

Security Researcher detects vulnerability - And Starbucks considers it FRAUD?


But Starbucks also claims that it fixed this issue after being informed by the researcher.


From the Article:

Egor Homakov of the Sakurity security consultancy found a weakness known as a race condition in the section of the Starbucks website responsible for checking balances and transferring money to gift cards. To test if an exploit would work in the real world, the researcher bought three $5 cards. After a fair amount of experimentation, he managed to transfer the $5 balance from card A to card B, not just once as one would expect, but twice. As a result, Homakov now had a total balance of $20, a net—and fraudulent—gain of $5.

The researcher went on to visit a downtown San Francisco Starbucks location to make sure his attack would actually work. He used the two cards to make a $16.70 purchase. He went on to deposit an additional $10 from his credit card "to make sure the US justice system will not put us in jail over $1.70," he explained in a blog post.


"It was just completely uncalled for claiming that I committed fraud," Homakov said of the latter call. "It made me angry."

More here
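
The bug class described in the quoted article, as an added example that is not code from the article, the researcher or Starbucks: a transfer that checks the balance and writes it in separate steps, replayed beside a version that folds the check into one conditional UPDATE inside a transaction. The table layout, function names and cent amounts are assumptions for illustration; this page does not say how the real site was implemented.

```python
import sqlite3

def new_db():
    # Constructed sample data: three $5 cards, balances held in cents.
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.execute("CREATE TABLE cards (id TEXT PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO cards VALUES (?, ?)", [("A", 500), ("B", 500), ("C", 500)])
    return db

def total(db):
    return db.execute("SELECT SUM(balance) FROM cards").fetchone()[0]

def vuln_check(db, src, amount):
    # Step 1 of the flawed handler: read the balance and decide.
    (bal,) = db.execute("SELECT balance FROM cards WHERE id = ?", (src,)).fetchone()
    return bal if bal >= amount else None

def vuln_apply(db, src, dst, amount, snapshot):
    # Step 2: write a value computed from the (possibly stale) snapshot.
    db.execute("UPDATE cards SET balance = ? WHERE id = ?", (snapshot - amount, src))
    db.execute("UPDATE cards SET balance = balance + ? WHERE id = ?", (amount, dst))

def replay_vulnerable():
    # Two overlapping requests replayed as check, check, apply, apply (deterministic).
    db = new_db()
    snaps = [vuln_check(db, "A", 500) for _ in range(2)]  # both see 500
    for snap in snaps:
        if snap is not None:
            vuln_apply(db, "A", "B", 500, snap)
    return total(db)

def safe_transfer(db, src, dst, amount):
    # Hardened: the balance check is part of the debit; debit and credit commit together.
    debit = "UPDATE cards SET balance = balance - ? WHERE id = ? AND balance >= ?"
    credit = "UPDATE cards SET balance = balance + ? WHERE id = ?"
    db.execute("BEGIN IMMEDIATE")  # take the write lock before touching balances
    try:
        ok = (db.execute(debit, (amount, src, amount)).rowcount == 1
              and db.execute(credit, (amount, dst)).rowcount == 1)
        db.execute("COMMIT" if ok else "ROLLBACK")
        return ok
    except Exception:
        db.execute("ROLLBACK")
        raise

def replay_hardened():
    db = new_db()
    return [safe_transfer(db, "A", "B", 500) for _ in range(2)], total(db)
```

In the flawed replay the three cards end up holding 2000 cents instead of 1500, the same $5 surplus the article describes; in the hardened replay the second transfer is refused and the total is unchanged.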
