
FREE: Visual Studio .NET Trial DVD

well, we should take comfort in knowing that ppl from anandtech aren't the only ppl to put down the REAL source. As I look @ the file in front of me, there's:

(these include various typos and variations)

26 ppl that cited their source as ableshopper
20 ppl cited anandtech
25 ppl cited dealsea
3 cited dealspree
4 cited (not thin) wallet
210 cited slickdeals
2 cited techbar(not lose)s
14 cited thedailydeals

So apparently the ppl at Slickdeals either don't know to cover their tracks, or don't want anyone to get this deal, or the news broke there first. This is just a quick interesting survey, pls don't flame me or read any meanings into it.😛
 
Pretty ironic that they built that page with Dreamweaver too. I guess they don't even trust their own products either! 😀
 
This is pretty sad. That text file is pretty easy to find. I have a hard time believing Microsoft paid for this.
 
People are unbelievably trusting. Almost everybody gave a valid phone number, street address and email. Plenty of titles, company names...and many of these people aren't scrubs: lots of management and top-level IT types. Heck, if I need a few contacts of people in the business, I can just use this list. 😉
 


<< Unfortunately, this has nothing to do with Microsoft's security because...

I was hoping this would not turn into a "let's bash MS party".
>>



AWWW! You're no fun! Why can't it be a "Let's bash M$ party"? 🙂

Actually, even if Microsoft is outsourcing the promotion, they should be smart enough to catch HUGE flaws like this!
 
I don't think this is how u want to launch a major programming tool... i think ppl would associate the insecure site with the (probably) insecure code in .net...
 
Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? Sorry that I'm not the hacker type, it just seems like everyone going to "have a look for themselves" wouldn't necessarily be a good idea.
 


<< Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? Sorry that I'm not the hacker type, it just seems like everyone going to "have a look for themselves" wouldn't necessarily be a good idea >>



That is the bad part, there is no hacking involved, they are blatantly advertising where the database is stored, you just have to know what to look for. No crime was committed. The problem is bigger than it looks, but I can't go into specifics since it could cause some serious problems. On a side note, on most webservers, it is easy to find out the directory structure, without hacking (that knowledge wasn't needed in this case tho).
 


<< Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? >>


Nope, no hacking involved or breaking into the web server. You do have to figure out where the database is, but the means of doing so do not involve any illegal action. When you view any web page, the client-side source code for that page is almost always available to you...just right-click on it and select View Source. Notepad displays all the HTML and script for you. When you create a data entry form for a web page, you use a <form> tag, which basically tells the web server where to put the data that the user is submitting. In this case, the destination for the data is listed in the source code as a .txt file. All you have to do is to call up the URL of this text file. So if the text database is called userinfo.txt and the user form was located at www.insecure.com/signup/register.asp, all you would need to do is enter www.insecure.com/signup/userinfo.txt in your browser and the contents of the database will display in your window. This is so benign that even Google's web spider could find it.
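
The exposure described in the post above, turned into a check a site owner can run over their own pages (an added example, not part of the original thread): it parses a page's forms and reports any `action` or hidden-field value that resolves to a flat data file under the web root. The host name, the `datafile` field name and the extension list are assumptions; `register.asp` and `userinfo.txt` follow the post's hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import posixpath

# Extensions treated as flat-file data stores (an assumption of this example).
DATA_EXTS = {".txt", ".csv", ".mdb", ".dat", ".log"}

class FormAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.in_form = False
        self.findings = []

    def _check(self, tag, attr, value):
        if not value:
            return
        # Resolve relative to the page, the same way a browser would.
        resolved = urljoin(self.page_url, value.strip())
        ext = posixpath.splitext(urlparse(resolved).path)[1].lower()
        if ext in DATA_EXTS:
            self.findings.append((tag, attr, resolved))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self._check(tag, "action", a.get("action"))
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "hidden":
            # Hidden fields are visible in View Source like any other markup.
            self._check(tag, a.get("name") or "value", a.get("value"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def audit_form_page(page_url, html):
    """Return (tag, attribute, resolved URL) for each data-file reference."""
    parser = FormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; host, paths and field names are placeholders.
SAMPLE_URL = "http://www.example.com/signup/register.asp"
SAMPLE_HTML = """
<form method="post" action="/cgi-bin/save.asp">
  <input type="hidden" name="datafile" value="userinfo.txt">
</form>
"""
if __name__ == "__main__":
    print(audit_form_page(SAMPLE_URL, SAMPLE_HTML))
```

A finding means the storage location is readable in the page source; keeping the file outside the document root, or denying direct requests for it, closes the exposure.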
 