FREE: Visual Studio .NET Trial DVD


jackywebdesign

Senior member
Feb 16, 2001
483
0
0
well, we should take comfort in knowing that ppl from anandtech aren't the only ppl to put down the REAL source. As I look @ the file in front of me, there's:

(these include various typos and variations)

26 ppl that cited their source as ableshopper
20 ppl cited anandtech
25 ppl cited dealsea
3 cited dealspree
4 cited (not thin) wallet
210 cited slickdeals
2 cited techbar(not lose)s
14 cited thedailydeals

So apparently the ppl at Slickdeals either don't know to cover their tracks, or don't want anyone to get this deal, or the news broke there first. This is just a quick interesting survey, pls don't flame me or read any meanings into it.:p
 

scoreadeal

Senior member
Oct 14, 2000
633
0
0
> why would MS want to hire an outside company to do this work.

Maybe they don't trust their own Passport system? :D
 

scoreadeal

Senior member
Oct 14, 2000
633
0
0
Pretty ironic that they built that page with Dreamweaver too. I guess they don't even trust their own products either! :D
 

AU Tiger

Diamond Member
Dec 26, 1999
4,280
0
76
This is pretty sad. That text file is pretty easy to find. I have a hard time believing Microsoft paid for this.
 

mithrandir2001

Diamond Member
May 1, 2001
6,545
1
0
People are unbelievably trusting. Almost everybody gave a valid phone number, street address and email. Plenty of titles, company names...and many of these people aren't scrubs: lots of management and top-level IT types. Heck, if I need a few contacts of people in the business, I can just use this list. ;)
 

im2smrt4u

Golden Member
Jul 14, 2001
1,912
0
0


<< Unfortunately, this has nothing to do with Microsoft's security because...

I was hoping this would not turn into a "let's bash MS party".
>>



AWWW! You're no fun! Why can't it be a "Let's bash M$ party"? :)

Actually, even if Microsoft is outsourcing the promotion, they should be smart enough to catch HUGE flaws like this!
 

jackywebdesign

Senior member
Feb 16, 2001
483
0
0
I don't think this is how u want to launch a major programming tool... i think ppl would associate the insecure site with the (probably) insecure code in .net...
 

vetteguy

Diamond Member
Sep 12, 2001
3,183
0
0
Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? Sorry that I'm not the hacker type, it just seems like everyone going to "have a look for themselves" wouldn't necessarily be a good idea.
 

etron

Junior Member
Mar 25, 2002
5
0
0


<< Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? Sorry that I'm not the hacker type, it just seems like everyone going to "have a look for themselves" wouldn't necessarily be a good idea >>



That is the bad part, there is no hacking involved, they are blatantly advertising where the database is stored, you just have to know what to look for. No crime was committed. The problem is bigger than it looks, but I can't go into specifics since it could cause some serious problems. On a side note, on most webservers, it is easy to find out the directory structure, without hacking (that knowledge wasn't needed in this case tho).
 

mithrandir2001

Diamond Member
May 1, 2001
6,545
1
0


<< Please forgive my ignorance, but even if this is just sitting on the webserver wouldn't someone still have to break into it in order to determine the directory structure? I mean, you can't just 'guess' at where it is. And if that is the case, should a bunch of people be breaking into their webserver just to see this? >>


Nope, no hacking involved or breaking into the web server. You do have to figure out where the database is, but the means of doing so do not involve any illegal action. When you view any web page, the client-side source code for that page is almost always available to you...just right-click on it and select View Source. Notepad displays all the HTML and script for you. When you create a data entry form for a web page, you use a <form> tag, which basically tells the web server where to put the data that the user is submitting. In this case, the destination for the data is listed in the source code as a .txt file. All you have to do is to call up the URL of this text file. So if the text database is called userinfo.txt and the user form was located at www.insecure.com/signup/register.asp, all you would need to do is enter www.insecure.com/signup/userinfo.txt in your browser and the contents of the database will display in your window. This is so benign that even Google's web spider could find it.
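Added example, not part of the original thread: a pre-deployment check a site owner could run over their own page markup to catch the flaw described in the post above, where a form's source names a flat data file that sits under the web root. The sample page, the hidden field name `datafile`, the extension list and the function names are assumptions for illustration; the URLs reuse the post's hypothetical `www.insecure.com` example.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Extensions that suggest a flat data file rather than a handler script (assumed list).
DATA_EXTENSIONS = {".txt", ".csv", ".mdb", ".dat", ".log"}

# Constructed sample using the post's hypothetical names; the hidden field
# name "datafile" is an assumption.
SAMPLE_URL = "http://www.insecure.com/signup/register.asp"
SAMPLE_PAGE = """
<form method="post" action="save.asp">
  <input type="hidden" name="datafile" value="userinfo.txt">
</form>
"""


class FormTargetAuditor(HTMLParser):
    """Record form actions and hidden-field values that name a data file."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, field, URL a browser could request)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._check(tag, "action", attrs.get("action"))
        elif tag == "input" and (attrs.get("type") or "").lower() == "hidden":
            self._check(tag, attrs.get("name") or "(unnamed)", attrs.get("value"))

    def _check(self, tag, field, value):
        if not value:
            return
        # Resolve relative names the way a browser would, then look at the path only.
        resolved = urljoin(self.page_url, value.strip())
        ext = posixpath.splitext(urlparse(resolved).path)[1].lower()
        if ext in DATA_EXTENSIONS:
            self.findings.append((tag, field, resolved))


def audit_page(page_url, html):
    """Return findings for one page of the site owner's own markup."""
    auditor = FormTargetAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Each finding is a URL any visitor could request, so the file it names belongs outside the web root (or denied in the server configuration), with its path kept in server-side code only.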