Too Much Free Time

by Mike Masnick


Filed Under:
reddit, streisand effect, url hacking

Companies:
conde nast, sears



Reddit, Sears, Grills That Cook Babies... And The Streisand Effect

from the have-at-it dept

Adam sends in a link to a Reddit story where it comes out that someone (not entirely sure who) decided to push Reddit to take down an earlier story. Apparently Sears.com had some oddity in how content on its e-commerce site was displayed, and with a little URL-hacking some folks were able to create a Sears.com e-commerce page for a barbecue grill designed to cook babies:

Pretty amusing, and obviously something that Sears wasn't all that happy about. Sears's explanation for what happened doesn't make much sense, but what would you expect?

"We discovered earlier today that someone visiting our site had defaced a limited number of product pages"

From the sound of it, this wasn't so much "defacing" as a bug in the way the site was set up. What really doesn't make sense is that someone then forced Reddit to remove its original thread discussing Sears' URL hackability. It's not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).

Still, it should come as no surprise that the Reddit community doesn't take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it's not spam. So, now they've been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn't it just have been better to fix the URL-hackability and let things be?


Reader Comments


  • Aug 21st, 2009 @ 12:43pm

    Or

    ... just laugh at it?

    Or are there that many hurried morons out there?


  • Aug 21st, 2009 @ 12:50pm

    Magic 8 Ball says...

    by Anonymous Coward

    The two guys that designed the Sears Website must be on vacation, gorging themselves on some curry-spiced noodles or whatever rich contractors from overseas do. So it's easier to get legal involved perhaps while they find another script jockey, this time with a background in security matters...?

    It'll be fixed after the 4th re-work, but will be hacked again in November.


  • Aug 21st, 2009 @ 12:50pm
    by Anonymous Coward

    Perfect for grilling up Eddie Izzard's "Rack o' babies" and "babies on spikes".


  • Aug 21st, 2009 @ 12:53pm
    by Anonymous Coward

    "Wouldn't it just have been better to fix the URL-hackability and let things be? "

    No, because security through obscurity and lazy IT's who don't want to do their jobs is an important thing for society to maintain.


  • Aug 21st, 2009 @ 12:58pm

    Question

    by icon Dark Helmet (profile)

    "Reddit, Sears, Grills That Cook Babies"

    I don't understand what the problem is.

    I mean, everyone knows that eating babies raw will give you hook worm...


  • Aug 21st, 2009 @ 12:59pm

    ...

    by TheStupidOne

    SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!

    I'M GOING THERE RIGHT NOW!! YOU'RE ALL INVITED TO MY HOUSE LATER FOR A COOKOUT. BRING YOUR KIDS!!!


  • Aug 21st, 2009 @ 1:04pm
    by Anonymous Coward

    Let me see if I have this right, and please feel free to correct me if I am wrong.

    Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night...leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.

    Right or wrong, and if wrong how so?


    • Aug 21st, 2009 @ 1:17pm

      Re:

      by Anonymous Coward

      Wrong. The website is poorly designed, the hack was done by just adding a few words in the url after the ? sign.

      I am surprised that it worked at all, somebody really screwed up the code there.


    • Aug 21st, 2009 @ 1:50pm

      Re:

      A person added some words to the URL of the website.

      The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.

      At no point was the server accessed, or any changes saved for others to view.

      A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.

      At no point would anyone who didn't mess around with the URL in the same way this person did ever see what they saw. It's not a hack in terms of someone gaining access to a remote system and wreaking havoc. It's a hack in the sense that someone found a bug in the website coder's query string parameter usage where the website didn't properly handle user supplied information.


      • Aug 21st, 2009 @ 2:05pm

        Re: Re:

        by Sean

        My understanding is that in certain circumstances the information got cached, so people who didn't use the URL could see it. This was evidenced by one of the articles I read earlier today where the customer service representative from Sears that was called could see the changed page.


        So, general users might have seen a changed page. It's not that likely though, since it would need to be a cached page that was still in cache when accessed.


        • Aug 21st, 2009 @ 2:34pm

          Re: Re: Re:

          And then that would need to be a server cache, not a local cache.

          When a user visits a web page, the computer can call up on the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.

          The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users ... then that's a much more serious security risk. Particularly if another user DIDN'T do the URL trick, then they're seeing a cache from a different URL, and that's just REALLY bad programming.

          One done by the developers, not the hackers, who would have had nothing to do with server caching.

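The replies above describe a page that echoed query-string text into its HTML, and a server cache that could then hand that text to visitors who never used the altered URL. As an added illustration (not part of the original thread, and not Sears's code), this Python example shows both failure modes beside the fix; the `pid` and `crumb` parameters, the catalog and the URLs are assumptions constructed for the example.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed catalog; the ids, names and the "pid"/"crumb" parameters are hypothetical.
CATALOG = {"1001": {"name": "Gas Grill", "category": "Grills"}}

def params(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def render_vulnerable(url):
    """Page copy (the category line) is read straight from the query string."""
    q = params(url)
    product = CATALOG[q["pid"]]
    crumb = q.get("crumb", product["category"])  # visitor-controlled text
    return f"<p>{crumb}</p><h1>{product['name']}</h1>"

def render_hardened(url):
    """The query string is only a lookup key; all displayed text comes from the catalog."""
    product = CATALOG.get(params(url).get("pid", ""))
    if product is None:
        return "<h1>Not found</h1>"
    return f"<p>{html.escape(product['category'])}</p><h1>{html.escape(product['name'])}</h1>"

class PageCache:
    """Server-side cache; key_fn decides which requests share one stored page."""
    def __init__(self, render, key_fn):
        self.render, self.key_fn, self.store = render, key_fn, {}

    def get(self, url):
        key = self.key_fn(url)
        if key not in self.store:
            self.store[key] = self.render(url)
        return self.store[key]

def key_by_pid(url):
    """Weak key: drops every parameter except pid, so tampered and clean URLs collide."""
    return params(url)["pid"]

def key_by_query(url):
    """Key covers every parameter that can influence the rendered output."""
    return tuple(sorted(params(url).items()))

def clean_visitor_sees(render, key_fn):
    """Serve a tampered request first, then return what a clean request gets."""
    cache = PageCache(render, key_fn)
    cache.get("https://shop.example/p?pid=1001&crumb=EDITED+BY+VISITOR")
    return cache.get("https://shop.example/p?pid=1001")
```

With the vulnerable renderer and the pid-only key, the clean request is answered with the tampered page; either a complete cache key or the hardened renderer breaks that chain, and the hardened renderer also removes the reflection itself.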

  • Aug 21st, 2009 @ 1:04pm

    Must be one of those new green grills.

    by Anonymous of Course

    If you really love the earth, eat more babies.


  • Aug 21st, 2009 @ 1:05pm

    Says it's out of stock.

    by Anonymous Coward

    Who forwarded this? Says here that someone in the Australia office of Fox News bought the last one...

    Wait a second... Rupert!


  • Aug 21st, 2009 @ 1:08pm
    by jon b.

    Apparently they fixed it already. I tried it and it didn't work.

    So they made part of the page copy pull from the URL. Could be a lot worse.

    It's not like you could hack the price or anything (I know of cases where this is/was possible.)


  • Aug 21st, 2009 @ 1:25pm

    Happy They Did It

    by Anonymous Coward

    I'm just happy they got it popular enough to hit the sites I regularly read - that was a nice little chuckle I would have otherwise missed out on today.


  • Aug 21st, 2009 @ 1:31pm
    by icon Kevin Stapp (profile)

    Just one time I would like to hear a company say, "Hey, thanks for the heads up on our site vulnerability. We are working to correct it right now. If you have suggestions on how to address this issue we would really like to hear from you. We can talk about compensation if we find it mutually beneficial."

    Engaging a community will get you further than attacking it. Honey vs Vinegar.


  • Aug 21st, 2009 @ 1:59pm

    Hmm...

    by James

    it only had a rating of 0.


  • Aug 21st, 2009 @ 2:01pm
    by Anonymous Coward

    So I have A Modest Proposal


    • Aug 21st, 2009 @ 2:16pm

      Re:

      by icon DJ (profile)

      So modest you don't feel comfortable actually presenting it?


      • Aug 21st, 2009 @ 2:39pm

        Re: Re:

        (from Sealab 2021)

        Sparks: I've got something for you.
        Debbie: What is it?
        Sparks: A book.
        Debbie: What's the book?
        Sparks: A Modest Proposal.
        Debbie: By whom?
        Sparks: Jonathan Swift.
        Debbie: And what is the book about?
        Sparks: Eating babies.
        Debbie: ...the hell is that supposed to mean?
        Sparks: It's like veal, only babies.
        Debbie: That's sick!
        Sparks: I'm talking real baby back ribs.
        ((long pause))
        Debbie: ...the foulest thing I've ever heard!
        Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
        Debbie: You're sick!!
        Sparks: Just trying to help out a single mom


  • Aug 21st, 2009 @ 4:04pm

    Meat o freaking Rama!

    by icon Blatant Coward (profile)

    Great, now I'm craving babies again.


  • Aug 22nd, 2009 @ 8:48am

    Too Funny

    Just too funny! pwnd


  • Aug 22nd, 2009 @ 8:53am
    by icon PrometheeFeu (profile)

    I really do not see how that could be the infringement of any laws. All that it does is tell your own web browser to display something... Aren't I allowed to have my web browser display random stuff?


  • Oct 15th, 2009 @ 4:28pm

    Sears who?

    by Øyvind from Norway

    ...ahh, that corporation who went nuts over that headline about grills and babies. Haven't heard much about them before (if at all, have no clue), but now I'll always associate them with this. Yes, the Streisand effect works.


  • Nov 5th, 2009 @ 10:09am

    b99mh

    by b9mh

    thank you ar nice....
    you ar vere vere nice


  • Nov 20th, 2009 @ 12:53pm

    Voiture au maroc

    It's not bad at all, I sincerely liked it very much

    Thank you

