Author |
Topic |
|
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 22 Oct 2003 : 05:03:15
Quote: An apparent flaw in the lingerie giant's ordering system made it possible to tweak customer ID numbers and see what kind of knickers people were buying - a clear violation of Victoria's Secret online privacy policy. Jason Sudowski of Niantic, Connecticut was looking for a nice matching bra and undies set for his loved one when he discovered the panty raid flaw. He reported the incident to a customer service representative that dutifully told him to shove off.
ROFL! I just had to post this. |
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 22 Oct 2003 : 05:05:12
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHAHAHAHAH AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!*faints*
Oh boy......that's classic. That's really classic.
"**** em" - Jobs in regards to customers
Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1
Oops, my post made the thread go widescreen.
Edited by - maclover5 on 22 Oct 2003 05:06:36 |
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 22 Oct 2003 : 06:02:02
How pleasant those customer service people can be, huh?
Official 68k videographer Official MLA TourGuide Editor of the MLAgazine "I'm just a normal computer geek who somehow landed a social life" |
MacTO
New Member
Canada
60 Posts |
Posted - 22 Oct 2003 : 06:36:18
I think the general rule is to avoid reporting security problems. You'll probably get in as much trouble doing that as exploiting them.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 22 Oct 2003 : 11:08:38
What does the error do exactly? From what I can understand, you sign up, modify your own ID number a wee bit, and you can see what the purchases for the other person's ID number are? (For example, if you and wife share an eMail box, and you know her ID, but not her PW, you just sorta "change" your own ID to hers...)
That does seem like a serious security error, which should be reported. IMHO, ESPECIALLY about clothing, I wouldn't want people to know what I'm buying. And it could potentially lead to exposing other valuable information that may be stored on that site?
Official 68k videographer Official MLA TourGuide Editor of the MLAgazine "I'm just a normal computer geek who somehow landed a social life" |
Captain Z
Mobile Ops Commander
USA
637 Posts |
Posted - 22 Oct 2003 : 13:31:46
quote: What does the error do exactly? From what I can understand, you sign up, modify your own ID number a wee bit, and you can see what the purchases for the other person's ID number are? (For example, if you and wife share an eMail box, and you know her ID, but not her PW, you just sorta "change" your own ID to hers...)
Here's an example: Look at the URL for this thread on this forum, topic.asp.TOPIC_ID=6058.html. The 6058 at the end can be changed to any number before it or after it, up to the latest topic started. Now if this was a store, you'd see someone else's purchase. A definite violation of privacy, and in some cases, a security problem too. A similar thing could be done where a credit card number is visible, and with that change, you can see multiple other credit card numbers.
quote: that does seem like a serious security error, which should be reported. IMHO, ESPECIALLY about clothing, I wouldn't want people to know what I'm buying. And it could potentially lead to exposing other valuable information that may be stored on that site?
If that guy reported it and the people in charge of that website did something about it, we, the general public, would never notice. But because they told him to buzz off, he brought it to the media, which blew the issue right open. There is an old saying: the squeaky wheel gets the oil (or something like that). In an idealistic world, that would be true. But in real life, the squeaky wheel gets ignored, then harassed when the media catches wind. (Prime example: the Mepham HS case here on Long Island.)
------------------
Captain Z - Mobile Operations Commander 68K Macintosh Liberation Army 32 68K Macs Liberated Beholder of the Prototype Stick of Justice!
Edited by - Captain Z on 22 Oct 2003 13:42:05 |
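The flaw described in the post above (a record served purely on the numeric ID in the URL) comes down to a missing ownership check on the server. The sketch below is an added example, not part of the original thread and not the store's code; `ORDERS`, the session dictionary and both handler names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: int
    customer_id: int
    items: tuple

# Constructed sample data: sequential IDs belonging to two different customers.
ORDERS = {
    6057: Order(6057, customer_id=11, items=("item A",)),
    6058: Order(6058, customer_id=12, items=("item B", "item C")),
}

class NotFound(Exception):
    """Raised for missing AND foreign orders, so replies do not reveal which IDs exist."""

def get_order_vulnerable(session, order_id):
    # Flawed: trusts the ID taken from the URL and never consults the session.
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    return order

def get_order_checked(session, order_id):
    # Fixed: the record must belong to the customer bound to the server-side session.
    customer_id = session.get("customer_id")
    order = ORDERS.get(order_id)
    if customer_id is None or order is None or order.customer_id != customer_id:
        raise NotFound(order_id)
    return order

def can_view(handler, session, order_id):
    """Return True if the handler serves this order to this session."""
    try:
        handler(session, order_id)
        return True
    except NotFound:
        return False

if __name__ == "__main__":
    owner_of_6057 = {"customer_id": 11}  # constructed logged-in session
    for oid in (6057, 6058, 6059):
        print(oid,
              can_view(get_order_vulnerable, owner_of_6057, oid),
              can_view(get_order_checked, owner_of_6057, oid))
```

The checked handler answers a foreign order exactly as it answers a nonexistent one, so stepping through IDs yields nothing beyond the caller's own records.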
Christophillis
Forums Squadron Commander
USA
688 Posts |
Posted - 22 Oct 2003 : 14:05:45
This was on TechTV last night...
--------------------
Christophillis- Portable Squadron Commander 68k Macintosh Liberation Army Total 68k Macs Liberated: 6.02x10^23 Or just 6 Number One, you have the helm. I'll be in my ready room. |
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 22 Oct 2003 : 15:46:35
quote:
I think the general rule is to avoid reporting security problems. You'll probably get in as much trouble doing that as exploiting them.
I agree...take it from someone who's been there....
"**** em" - Jobs in regards to customers
Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |