An anonymous reader writes "Microsoft's bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking bing cashback expoit with a cease & desist letter, rather than by fixing the underlying security problem. It is possible for a malicous user to create fake bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from bing. The original post is currently available in bing's cahce, although perhaps not for long. But no worries, the author makes it clear that the exploit should be painfully obvious to anyone who reads the bing cashback SDK."
Read more of this story at Slashdot.
delicious
digg
google
technorati
