Reddit, Sears, Grills That Cook Babies… And The Streisand Effect

Adam sends in a link to a Reddit story where it comes out that someone (not entirely sure who) decided to push Reddit to take down an earlier story. Apparently Sears had some oddity in how content on its e-commerce site was displayed, and with a little URL-hacking some folks were able to create an e-commerce page for a barbecue grill designed to cook babies:

Pretty amusing, and obviously something that Sears wasn’t all that happy about. Sears’s explanation for what happened doesn’t quite make much sense, but what would you expect?

We discovered earlier today that someone visiting our site had defaced a limited number of product pages

It wasn’t so much “defacing” from the sound of it, as it was a bug in the way the site was set up, but, what doesn’t make much sense is that someone then forced Reddit to remove its original thread discussing Sears’ URL hackability. It’s not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).

Still, it should come as no surprise that the Reddit community doesn’t take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it’s not spam. So, now they’ve been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn’t it just have been better to fix the URL-hackability and let things be?

Comments on "Reddit, Sears, Grills That Cook Babies… And The Streisand Effect"

Anonymous Coward says:

Magic 8 Ball says...

The two guys that designed the Sears Website must be on vacation, gorging themselves on some curry-spiced noodles or whatever rich contractors from overseas do. So it’s easier to get legal involved perhaps while they find another script jockey, this time with a background in security matters…?

It’ll be fixed after the 4th re-work, but will be hacked again in November.

Anonymous Coward says:

Let me see if I have this right, and please feel free to correct me if I am wrong.

Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night…leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.

Right or wrong, and if wrong how so?

Alan Gerow (profile) says:

Re: Re:

A person added some words to the URL of the website.

The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.

At no point was the server accessed, or any changes saved for others to view.

A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.

At no point would anyone who didn’t mess around with the URL in the same way this person did ever see what they saw. It’s not a hack in terms of someone gaining access to a remote system and wreaking havoc. It’s a hack in the sense that someone found a bug in the website coder’s query string parameter usage where the website didn’t properly handle user supplied information.

Sean says:

Re: Re: Re:

My understanding is that in certain circumstances the information got cached, so people who didn’t use the URL could see it. This was evidenced by one of the articles I read earlier today where the customer service representative from Sears that was called could see the changed page.

So, general users might have seen a changed page. It’s not that likely though, since it would need to be a cached page that was still in cache when accessed.

Alan Gerow (profile) says:

Re: Re: Re: Re:

And then that would need to be a server cache, not a local cache.

When a user visits a web page, the computer can call up the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.

The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users … then that’s a much more serious security risk. Particularly if another user DIDN’T do the URL trick, then they’re seeing a cache from a different URL, and that’s just REALLY bad programming.

One done by the developers, not the hackers, who would have had nothing to do with server caching.
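As an added illustration (not code from the page, from Sears, or from Reddit), a small Python model of the two points made in this thread: a product page that reflects a query-string parameter into its HTML unescaped, beside the escaped form, and a server-side cache keyed on path only, so a page rendered for one visitor's tampered URL is served to a visitor who never touched the URL. The parameter name, URLs and markup are constructed for the example.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed example: a product page that reflects the "name" query
# parameter. Not Sears' code; the parameter name is an assumption.

def render_product_page(url: str, escape: bool) -> str:
    """Build the HTML for a product page from its URL.

    escape=False mimics the bug described in the thread: whatever the
    visitor put in the query string is inserted into the page verbatim.
    escape=True is the hardened form: HTML-escape it before insertion.
    """
    parts = urlsplit(url)
    name = parse_qs(parts.query).get("name", ["Unknown product"])[0]
    if escape:
        name = html.escape(name, quote=True)
    return f"<html><body><h1>{name}</h1></body></html>"


class PageCache:
    """Minimal server-side page cache. key_on_query=False reproduces the
    'really bad' case from the comment: pages are stored by path only, so
    a page rendered for one visitor's tampered URL is handed to the next
    visitor who requests the plain path."""

    def __init__(self, key_on_query: bool):
        self.key_on_query = key_on_query
        self.store: dict[str, str] = {}

    def _key(self, url: str) -> str:
        p = urlsplit(url)
        return f"{p.path}?{p.query}" if self.key_on_query else p.path

    def get_page(self, url: str, escape: bool = True) -> str:
        key = self._key(url)
        if key not in self.store:
            self.store[key] = render_product_page(url, escape)
        return self.store[key]


# Constructed URLs: one with injected markup in the query string, one plain.
TAMPERED = "https://shop.example/product/grill?name=<b>Tampered</b>"
PLAIN = "https://shop.example/product/grill"

def demo() -> tuple[bool, bool]:
    """Returns (leaked, clean): whether the bad cache leaks the tampered
    page to a plain-URL visitor, and whether the fixed setup does not."""
    bad = PageCache(key_on_query=False)
    bad.get_page(TAMPERED, escape=False)               # first visitor tampers
    leaked = "<b>Tampered</b>" in bad.get_page(PLAIN)  # second visitor does not
    good = PageCache(key_on_query=True)
    good.get_page(TAMPERED, escape=True)
    clean = "<b>" not in good.get_page(PLAIN)
    return leaked, clean
```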

Kevin Stapp (profile) says:

Just one time I would like to hear a company say, “Hey, thanks for the heads up on our site vulnerability. We are working to correct it right now. If you have suggestions on how to address this issue we would really like to hear from you. We can talk about compensation if we find it mutually beneficial.”

Engaging a community will get you further than attacking it. Honey vs Vinegar.

Alan Gerow (profile) says:

Re: Re: Re:

(from Sealab 2021)

Sparks: I’ve got something for you.
Debbie: What is it?
Sparks: A book.
Debbie: What’s the book?
Sparks: A Modest Proposal.
Debbie: By whom?
Sparks: Jonathan Swift.
Debbie: And what is the book about?
Sparks: Eating babies.
Debbie: …the hell is that supposed to mean?
Sparks: It’s like veal, only babies.
Debbie: That’s sick!
Sparks: I’m talking real baby back ribs.
((long pause))
Debbie: …the foulest thing I’ve ever heard!
Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
Debbie: You’re sick!!
Sparks: Just trying to help out a single mom

