Reddit, Sears, Grills That Cook Babies… And The Streisand Effect
from the have-at-it dept
Adam sends in a link to a Reddit story where it comes out that someone (not entirely sure who) decided to push Reddit to take down an earlier story. Apparently Sears.com had an oddity in how content on its e-commerce site was displayed: text supplied in the URL’s query string was rendered straight into the page, so with a little URL-hacking some folks were able to make a Sears.com product page appear to advertise a barbecue grill designed to cook babies. No product page was edited on Sears’ end; the page only read that way for whoever followed the doctored link:

We discovered earlier today that someone visiting our site had defaced a limited number of product pages
It wasn’t so much “defacing,” from the sound of it, as a bug in the way the site handled its URLs. What doesn’t make much sense is that someone then forced Reddit to remove its original thread discussing Sears’ URL hackability. It’s not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).
Still, it should come as no surprise that the Reddit community doesn’t take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it’s not spam. So, now they’ve been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn’t it just have been better to fix the URL-hackability and let things be?
Filed Under: reddit, streisand effect, url hacking
Companies: conde nast, sears
Comments on “Reddit, Sears, Grills That Cook Babies… And The Streisand Effect”
Or
… just laugh at it?
Or are there that many hurried morons out there?
Re: Or
Now that I think about it, it reminds me of another over-reaction:
http://www.youtube.com/watch?v=7SeL6i3sHM0
Magic 8 Ball says...
The two guys that designed the Sears Website must be on vacation, gorging themselves on some curry-spiced noodles or whatever rich contractors from overseas do. So it’s easier to get legal involved perhaps while they find another script jockey, this time with a background in security matters…?
It’ll be fixed after the 4th re-work, but will be hacked again in November.
Perfect for grilling up Eddie Izzard’s “Rack o’ babies” and “babies on spikes”.
Re: Re:
+1
“Wouldn’t it just have been better to fix the URL-hackability and let things be? “
No, because security through obscurity and lazy IT’s who don’t want to do their jobs is an important thing for society to maintain.
Question
“Reddit, Sears, Grills That Cook Babies”
I don’t understand what the problem is.
I mean, everyone knows that eating babies raw will give you hook worm…
...
SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!
I’M GOING THERE RIGHT NOW!! YOU’RE ALL INVITED TO MY HOUSE LATER FOR A COOKOUT. BRING YOUR KIDS!!!
Re: ...
“SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!”
Y’know, just run with it.
“We’re not advocating cooking babies, we’re just saying that other grills just don’t have the headroom…”
Re: Re: ...
exactly. Put a positive spin on it. Give journalists nowhere to go.
Re: Re: ...
ha ha ha
Those babies & their freakishly big heads. It’s unsettling. But tasty.
Re: Re: Re: ...
LMAO, but oh the degrees to which that is SO wrong….
Re: ...
Would you mind “Throwing another shrimp on the Barbie”..?
Let me see if I have this right, and please feel free to correct me if I am wrong.
Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night…leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.
Right or wrong, and if wrong how so?
Re: Re:
Wrong. The website is poorly designed; the hack was done by just adding a few words to the URL after the ? sign.
I am surprised that it worked at all, somebody really screwed up the code there.
Re: Re:
A person added some words to the URL of the website.
The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.
At no point was the server accessed, or any changes saved for others to view.
A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.
At no point would anyone who didn’t mess around with the URL in the same way this person did ever see what they saw. It’s not a hack in terms of someone gaining access to a remote system and wreaking havoc. It’s a hack in the sense that someone found a bug in the website coder’s query string parameter usage, where the website didn’t properly handle user-supplied information.
Re: Re: Re:
My understanding is that in certain circumstances the information got cached, so people who didn’t use the URL could see it. This was evidenced by one of the articles I read earlier today where the customer service representative from Sears that was called could see the changed page.
So, general users might have seen a changed page. It’s not that likely though, since it would need to be a cached page that was still in cache when accessed.
Re: Re: Re: Re:
And then that would need to be a server cache, not a local cache.
When a user visits a web page, the computer can call up on the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.
The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users … then that’s a much more serious security risk. Particularly if another user DIDN’T do the URL trick, then they’re seeing a cache from a different URL, and that’s just REALLY bad programming.
One done by the developers, not the hackers, who would have had nothing to do with server caching.
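The two mechanisms the comments above describe, a query-string parameter echoed into the page and a server-side cache that can hand that page to other visitors, as an added example in Python. This is not Sears’ code or anything posted in the thread; the parameter names (pid, title), the catalog entry, the URLs and the cache are all constructed for illustration.

```python
"""Reflected query-string content, and what a server-side cache does with it.

Added example, not Sears' code or the commenters'. The parameter names
('pid', 'title'), catalog entries and URLs are constructed for illustration.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the product catalog, keyed by product id.
CATALOG = {
    "7151": {"name": "4-Burner Gas Grill", "price": "299.99"},
}


def params(url: str) -> dict:
    """First value of each query-string parameter, e.g. ?pid=7151&title=x."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_vulnerable(url: str) -> str:
    """The bug as the thread describes it: a query-string parameter is dropped
    straight into the HTML, so a link with an edited 'title' makes the page say
    whatever the link's author wants. Nothing is stored server-side; only people
    who follow that exact URL see it (unless a cache intervenes, see PageCache)."""
    q = params(url)
    pid = q.get("pid", "")
    default = CATALOG.get(pid, {}).get("name", "Unknown product")
    title = q.get("title", default)  # hypothetical parameter, trusted as-is
    return f"<h1>{title}</h1><p>Item #{pid}</p>"


def render_fixed(url: str) -> str:
    """Hardened: user input is only a lookup key. Page copy comes from the
    catalog, unknown ids get a fixed not-found page, and anything echoed is
    HTML-escaped, so the same hole no longer takes words or markup."""
    q = params(url)
    pid = q.get("pid", "")
    item = CATALOG.get(pid)
    if item is None:
        return "<h1>Product not found</h1>"
    return (f"<h1>{escape(item['name'])}</h1>"
            f"<p>Item #{escape(pid)} ${escape(item['price'])}</p>")


class PageCache:
    """Minimal server-side page cache. The cache key decides whether one
    visitor's tampered URL can be served to everyone else."""

    def __init__(self, render, key_on_query: bool):
        self.render = render
        self.key_on_query = key_on_query
        self.store = {}

    def get(self, url: str) -> str:
        parts = urlsplit(url)
        # Keying on the path alone treats every ?title=... as the same page.
        key = parts.path + ("?" + parts.query if self.key_on_query else "")
        if key not in self.store:
            self.store[key] = self.render(url)
        return self.store[key]


TAMPERED = "https://shop.example/product?pid=7151&title=Grill+Designed+to+Cook+Babies"
CLEAN = "https://shop.example/product?pid=7151"


def poisoned_for_others(render, key_on_query: bool) -> bool:
    """True if a visitor who never touched the URL gets the tampered copy:
    the 'customer service rep could see it' scenario from the thread."""
    cache = PageCache(render, key_on_query)
    cache.get(TAMPERED)                       # the prankster primes the cache
    return "Cook Babies" in cache.get(CLEAN)  # a later ordinary visitor
```

With the vulnerable renderer and a cache keyed on path alone, the ordinary visitor receives the prankster’s page; keying on the full URL stops that but still lets anyone fill the cache with one entry per made-up title, so the real fix is the renderer that never uses the parameter as page copy. In production the cache key should be built from the validated product id, not the raw query string.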
Must be one of those new green grills.
If you really love the earth, eat more babies.
Says it's out of stock.
Who forwarded this? Says here that someone in the Australia office of Fox News bought the last one…
Wait a second… Rupert!
Apparently they fixed it already. I tried it and it didn’t work.
So they made part of the page copy pull from the URL. Could be a lot worse.
It’s not like you could hack the price or anything (I know of cases where this is/was possible.)
Re: Re:
The old “embed the price in a hidden form field and let the user change it at will” trick… 🙂
Re: Re: Re:
The Pay What You Want model for the technically adept.
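The hidden-form-field price trick mentioned above, as an added example in Python with the trusting checkout beside a hardened one. This is not any retailer’s code; the field names, SKUs and prices are constructed.

```python
"""Client-controlled price: the hidden-form-field trick from the thread.

Added example, not any retailer's code. Field names, SKUs and prices are
constructed for illustration.
"""
from urllib.parse import parse_qs

# Constructed server-side price list, keyed by SKU, in cents to avoid float rounding.
PRICES = {"7151": 29999, "8820": 4999}


def form_fields(body: str) -> dict:
    """First value of each field in an application/x-www-form-urlencoded body."""
    return {k: v[0] for k, v in parse_qs(body).items()}


def total_vulnerable(body: str) -> int:
    """Trusts the 'price' the browser posts back. The page put it in a hidden
    input, but hidden only means not displayed; the buyer can set any value,
    and nothing stops a negative quantity either."""
    f = form_fields(body)
    return int(f["qty"]) * int(f["price"])


def total_fixed(body: str):
    """Recomputes from the server-side price list and treats a disagreeing
    client price as a tamper signal rather than as data.
    Returns (total_in_cents, tampered)."""
    f = form_fields(body)
    sku = f.get("sku", "")
    if sku not in PRICES:
        raise ValueError("unknown sku")
    qty = int(f.get("qty", "0"))
    if not 1 <= qty <= 99:
        raise ValueError("bad quantity")
    total = qty * PRICES[sku]
    # The posted price is never used for money; compare it only to detect tampering.
    tampered = "price" in f and f["price"] != str(PRICES[sku])
    return total, tampered


def accepted(body: str) -> bool:
    """Whether the hardened handler accepts the order at all."""
    try:
        total_fixed(body)
        return True
    except ValueError:
        return False


HONEST = "sku=7151&qty=1&price=29999"
TAMPERED = "sku=7151&qty=1&price=1"
```

The tampered flag is worth logging: a client that posts a price the server never sent is editing the form, and that is a better detection signal than a mismatched total alone.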
Happy They Did It
I’m just happy they got it popular enough to hit the sites I regularly read – that was a nice little chuckle I would have otherwise missed out on today.
Just one time I would like to hear a company say, “Hey, thanks for the heads up on our site vulnerability. We are working to correct it right now. If you have suggestions on how to address this issue we would really like to hear from you. We can talk about compensation if we find it mutually beneficial.”
Engaging a community will get you further than attacking it. Honey vs Vinegar.
Re: Re:
But nobody likes it when people point out how stupid they are.
Hmm...
it only had a rating of 0.
So I have A Modest Proposal
Re: Re:
So modest you don’t feel comfortable actually presenting it?
Re: Re: Re:
(from Sealab 2021)
Sparks: I’ve got something for you.
Debbie: What is it?
Sparks: A book.
Debbie: What’s the book?
Sparks: A Modest Proposal.
Debbie: By whom?
Sparks: Jonathan Swift.
Debbie: And what is the book about?
Sparks: Eating babies.
Debbie: …the hell is that supposed to mean?
Sparks: It’s like veal, only babies.
Debbie: That’s sick!
Sparks: I’m talking real baby back ribs.
((long pause))
Debbie: …the foulest thing I’ve ever heard!
Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
Debbie: You’re sick!!
Sparks: Just trying to help out a single mom
Re: Re: Re: Re:
I feel ashamed that this is what I immediately thought of….”What’s the book about?…”
Meat o freaking Rama!
Great, now I’m craving babies again.
Re: Meat o freaking Rama!
The left overs from last night just didn’t quench that deep down hunger?
Too Funny
Just too funny! pwnd
I really do not see how that could be the infringement of any laws. All that it does is tell your own web browser to display something… Aren’t I allowed to have my web browser display random stuff?
Sears who?
…ahh, that corporation who went nuts over that headline about grills and babies. Haven’t heard much about them before (if at all, have no clue), but now I’ll always associate them with this. Yes, the Streisand effect works.
SEARS
I worked at sears auto center when this happened, we all got a good laugh out of it…. 😆