|
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Josh perrymon I was reading an article about an attacker that could have
changed a price in an online shopping cart- Snip---- <<SNIP Reshef’s $22.95 to
$2.95 sploit>> What are laws on this?? What if the guy did make the
transaction using his credit card? Since it is just a web transaction sending
html from the client to the server what proof would they have? Joshua Perrymon IANAL, but I believe that the contract
isn’t formed between buyer and seller until the purchase price is
accepted on both sides and money changes hands. The price in a store is analogous
to one in a catalog – suggested, and subject to change. Typically,
that means by the seller, but if the buyer does it and the seller accepts the
price, then it is a legal transaction. Once the money is accepted, the seller
has agreed to sell at that price, and taken the money, making it difficult for him
to suggest that he was unaware. Of course, what typically happens is that
the seller goes to ship the item, and sees how much was paid, and sends a bill for
the remaining balance before the item is shipped. Proof isn’t
really needed. Tom |
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
