Reddit, Sears, Grills That Cook Babies... And The Streisand Effect

from the have-at-it dept

Adam sends in a link to a Reddit story where it comes out that someone (not entirely sure who) decided to push Reddit to take down an earlier story. Apparently Sears.com had some oddity in how content on its e-commerce site was displayed, and with a little URL-hacking some folks were able to create a Sears.com e-commerce page for a barbecue grill designed to cook babies.

Pretty amusing, and obviously something that Sears wasn't all that happy about. Sears's explanation for what happened doesn't make much sense, but what would you expect?

"We discovered earlier today that someone visiting our site had defaced a limited number of product pages"

From the sound of it, this wasn't so much "defacing" as a bug in the way the site was set up. What doesn't make much sense is that someone then forced Reddit to remove its original thread discussing Sears's URL hackability. It's not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).

Still, it should come as no surprise that the Reddit community doesn't take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it's not spam. So, now they've been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn't it just have been better to fix the URL-hackability and let things be?


Reader Comments

  1.  
    ChurchHatesTucker (profile), Aug 21st, 2009 @ 12:43pm

    Or

    ... just laugh at it?

    Or are there that many hurried morons out there?

     

  2.  
    ChurchHatesTucker (profile), Aug 21st, 2009 @ 12:45pm

    Re: Or

    Now that I think about it, it reminds me of another over-reaction:
    http://www.youtube.com/watch?v=7SeL6i3sHM0

     

  3.  
    Anonymous Coward, Aug 21st, 2009 @ 12:50pm

    Magic 8 Ball says...

    The two guys that designed the Sears Website must be on vacation, gorging themselves on some curry-spiced noodles or whatever rich contractors from overseas do. So it's easier to get legal involved perhaps while they find another script jockey, this time with a background in security matters...?

    It'll be fixed after the 4th re-work, but will be hacked again in November.

     

  4.  
    Anonymous Coward, Aug 21st, 2009 @ 12:50pm

    Perfect for grilling up Eddie Izzard's "Rack o' babies" and "babies on spikes".

     

  5.  
    Anonymous Coward, Aug 21st, 2009 @ 12:53pm

    "Wouldn't it just have been better to fix the URL-hackability and let things be?"

    No, because security through obscurity and lazy IT's who don't want to do their jobs is an important thing for society to maintain.

     

  6.  
    Dark Helmet (profile), Aug 21st, 2009 @ 12:58pm

    Question

    "Reddit, Sears, Grills That Cook Babies"

    I don't understand what the problem is.

    I mean, everyone knows that eating babies raw will give you hook worm...

     

  7.  
    TheStupidOne, Aug 21st, 2009 @ 12:59pm

    ...

    SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!

    I'M GOING THERE RIGHT NOW!! YOU'RE ALL INVITED TO MY HOUSE LATER FOR A COOKOUT. BRING YOUR KIDS!!!

     

  8.  
    Anonymous Coward, Aug 21st, 2009 @ 1:04pm

    Let me see if I have this right, and please feel free to correct me if I am wrong.

    Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night...leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.

    Right or wrong, and if wrong how so?

     

  9.  
    Anonymous of Course, Aug 21st, 2009 @ 1:04pm

    Must be one of those new green grills.

    If you really love the earth, eat more babies.

     

  10.  
    Anonymous Coward, Aug 21st, 2009 @ 1:05pm

    Says it's out of stock.

    Who forwarded this? Says here that someone in the Australia office of Fox News bought the last one...

    Wait a second... Rupert!

     

  11.  
    ChurchHatesTucker (profile), Aug 21st, 2009 @ 1:07pm

    Re: ...

    "SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!"

    Y'know, just run with it.

    "We're not advocating cooking babies, we're just saying that other grills just don't have the headroom..."

     

  12.  
    jon b., Aug 21st, 2009 @ 1:08pm

    Apparently they fixed it already. I tried it and it didn't work.

    So they made part of the page copy pull from the URL. Could be a lot worse.

    It's not like you could hack the price or anything (I know of cases where this is/was possible.)

     

  13.  
    Lulz, Aug 21st, 2009 @ 1:10pm

    Re: ...

    Would you mind "Throwing another shrimp on the Barbie"..?

     

  14.  
    Anonymous Coward, Aug 21st, 2009 @ 1:15pm

    Re:

    "It's not like you could hack the price or anything (I know of cases where this is/was possible.)"

    The old "embed the price in a hidden form field and let the user change it at will" trick... :)

     

  15.  
    Anonymous Coward, Aug 21st, 2009 @ 1:17pm

    Re:

    Wrong. The website is poorly designed, the hack was done by just adding a few words in the url after the ? sign.

    I am surprised that it worked at all, somebody really screwed up the code there.

     

  16.  
    Anonymous Coward, Aug 21st, 2009 @ 1:25pm

    Happy They Did It

    I'm just happy they got it popular enough to hit the sites I regularly read - that was a nice little chuckle I would have otherwise missed out on today.

     

  17.  
    Kevin Stapp (profile), Aug 21st, 2009 @ 1:31pm

    Just one time I would like to hear a company say, "Hey, thanks for the heads up on our site vulnerability. We are working to correct it right now. If you have suggestions on how to address this issue we would really like to hear from you. We can talk about compensation if we find it mutually beneficial."

    Engaging a community will get you further than attacking it. Honey vs Vinegar.

     

  18.  
    DJ (profile), Aug 21st, 2009 @ 1:45pm

    Re: Re: ...

    exactly. Put a positive spin on it. Give journalists nowhere to go.

     

  19.  
    Alan Gerow (profile), Aug 21st, 2009 @ 1:50pm

    Re:

    A person added some words to the URL of the website.

    The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.

    At no point was the server accessed, or any changes saved for others to view.

    A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.

    At no point would anyone who didn't mess around with the URL in the same way this person did ever see what they saw. It's not a hack in terms of someone gaining access to a remote system and wreaking havoc. It's a hack in the sense that someone found a bug in the website coder's query string parameter usage where the website didn't properly handle user supplied information.

     

  20.  
    Alan Gerow (profile), Aug 21st, 2009 @ 1:51pm

    Re: Re: ...

    ha ha ha

    Those babies & their freakishly big heads. It's unsettling. But tasty.

     

  21.  
    Alan Gerow (profile), Aug 21st, 2009 @ 1:53pm

    Re: Re:

    The Pay What You Want model for the technically adept.

     

  22.  
    James, Aug 21st, 2009 @ 1:59pm

    Hmm...

    it only had a rating of 0.

     

  23.  
    Anonymous Coward, Aug 21st, 2009 @ 2:01pm

    So I have A Modest Proposal

     

  24.  
    Sean, Aug 21st, 2009 @ 2:05pm

    Re: Re:

    My understanding is that in certain circumstances the information got cached, so people who didn't use the URL could see it. This was evidenced by one of the articles I read earlier today where the customer service representative from Sears that was called could see the changed page.


    So, general users might have seen a changed page. It's not that likely though, since it would need to be a cached page that was still in cache when accessed.

     

  25.  
    DJ (profile), Aug 21st, 2009 @ 2:12pm

    Re: Re: Re: ...

    LMAO, but oh the degrees to which that is SO wrong....

     

  26.  
    DJ (profile), Aug 21st, 2009 @ 2:16pm

    Re:

    So modest you don't feel comfortable actually presenting it?

     

  27.  
    Alan Gerow (profile), Aug 21st, 2009 @ 2:34pm

    Re: Re: Re:

    And then that would need to be a server cache, not a local cache.

    When a user visits a web page, the computer can call up on the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.

    The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users ... then that's a much more serious security risk. Particularly if another user DIDN'T do the URL trick, then they're seeing a cache from a different URL, and that's just REALLY bad programming.

    One done by the developers, not the hackers, who would have had nothing to do with server caching.

     

    reply to this | link to this | view in thread ]
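
The query-string reflection Alan Gerow describes in comment 19 and the server-cache scenario raised in comments 24 and 27, as an added Python example that is not from the original post or from Sears's code. The catalogue, the parameter names (`pid`, `title`) and the URLs are constructed assumptions.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed catalogue, parameter names and URLs (assumptions, not the real site's).
CATALOG = {"1001": "Stainless Steel Gas Grill"}
CLEAN = "https://shop.example/product?pid=1001"
TAMPERED = CLEAN + "&title=Edited+By+Visitor"

def _params(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def render_unsafe(url):
    """Page copy is pulled from the URL: any 'title' parameter is echoed as-is."""
    p = _params(url)
    title = p.get("title", CATALOG.get(p.get("pid", ""), "Unknown product"))
    return f"<h1>{title}</h1>"

def render_safe(url):
    """Only the product id is read; copy comes from the catalogue, escaped."""
    title = CATALOG.get(_params(url).get("pid", ""))
    if title is None:
        return "<h1>Product not found</h1>"
    return f"<h1>{html.escape(title)}</h1>"

class PageCache:
    """Server-side page cache; key_fn decides which requests share an entry."""
    def __init__(self, render, key_fn):
        self.render, self.key_fn, self.store = render, key_fn, {}

    def get(self, url):
        key = self.key_fn(url)
        if key not in self.store:
            self.store[key] = self.render(url)
        return self.store[key]

def key_by_pid(url):
    # Cache key built from pid only; every other parameter is ignored.
    return _params(url).get("pid", "")

def what_a_second_visitor_sees(render):
    """First request uses the tampered URL, second uses the clean one."""
    cache = PageCache(render, key_by_pid)
    cache.get(TAMPERED)
    return cache.get(CLEAN)
```

With `render_unsafe`, the cache key covers less than the renderer reads, so one visitor's text is stored and served to the next visitor of the clean URL. With `render_safe`, the key and the renderer's inputs match, and the extra parameter has no effect.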

  28.  
    Alan Gerow (profile), Aug 21st, 2009 @ 2:39pm

    Re: Re:

    (from Sealab 2021)

    Sparks: I've got something for you.
    Debbie: What is it?
    Sparks: A book.
    Debbie: What's the book?
    Sparks: A Modest Proposal.
    Debbie: By whom?
    Sparks: Jonathan Swift.
    Debbie: And what is the book about?
    Sparks: Eating babies.
    Debbie: ...the hell is that supposed to mean?
    Sparks: It's like veal, only babies.
    Debbie: That's sick!
    Sparks: I'm talking real baby back ribs.
    ((long pause))
    Debbie: ...the foulest thing I've ever heard!
    Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
    Debbie: You're sick!!
    Sparks: Just trying to help out a single mom

     

  29.  
    Blatant Coward (profile), Aug 21st, 2009 @ 4:04pm

    Meat o freaking Rama!

    Great, now I'm craving babies again.

     

  30.  
    Mikecancook, Aug 21st, 2009 @ 5:11pm

    Re: Re: Re:

    I feel ashamed that this is what I immediately thought of...."What's the book about?..."

     

  31.  
    Alan Gerow (profile), Aug 21st, 2009 @ 5:41pm

    Re: Meat o freaking Rama!

    The leftovers from last night just didn't quench that deep down hunger?

     

  32.  
    Esahc (profile), Aug 21st, 2009 @ 11:07pm

    Re:

    +1

     

  33.  
    Robert Fisher, Aug 22nd, 2009 @ 8:48am

    Too Funny

    Just too funny! pwnd

     

  34.  
    PrometheeFeu (profile), Aug 22nd, 2009 @ 8:53am

    I really do not see how that could be the infringement of any laws. All that it does is tell your own web browser to display something... Aren't I allowed to have my web browser display random stuff?

     

  35.  
    Ben Zayb, Aug 22nd, 2009 @ 9:02am

    Re:

    But nobody likes it when people point out how stupid they are.

     

  36.  
    Øyvind from Norway, Oct 15th, 2009 @ 4:28pm

    Sears who?

    ...ahh, that corporation who went nuts over that headline about grills and babies. Haven't heard much about them before (if at all, have no clue), but now I'll always associate them with this. Yes, the Streisand effect works.

     

  37.  
    b9mh, Nov 5th, 2009 @ 10:09am

    b99mh

    thank you ar nice....
    you ar vere vere nice

     

  38.  
    voitures, Nov 20th, 2009 @ 12:53pm

    Voiture au maroc

    It's not bad at all, I sincerely liked it very much

    Thank you

     
