Reddit, Sears, Grills That Cook Babies... And The Streisand Effect

from the have-at-it dept

Adam sends in a link to a Reddit story in which it comes out that someone (it's not entirely clear who) decided to push Reddit to take down an earlier story. Apparently Sears.com had some oddity in how content on its e-commerce site was displayed, and with a little URL-hacking some folks were able to create a Sears.com e-commerce page for a barbecue grill designed to cook babies.

Pretty amusing, and obviously something that Sears wasn't all that happy about. Sears's explanation for what happened doesn't make much sense, but what would you expect?

"We discovered earlier today that someone visiting our site had defaced a limited number of product pages"

From the sound of it, this wasn't so much "defacing" as a bug in the way the site was set up. What doesn't make much sense, though, is that someone then forced Reddit to remove its original thread discussing Sears' URL hackability. It's not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).

Still, it should come as no surprise that the Reddit community doesn't take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it's not spam. So, now they've been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn't it just have been better to fix the URL-hackability and let things be?

Filed Under: reddit, streisand effect, url hacking
Companies: conde nast, sears


Reader Comments



  • ChurchHatesTucker, 21 Aug 2009 @ 12:43pm

    Or

    ... just laugh at it?

    Or are there that many hurried morons out there?

  • Anonymous Coward, 21 Aug 2009 @ 12:50pm

    Magic 8 Ball says...

    The two guys that designed the Sears Website must be on vacation, gorging themselves on some curry-spiced noodles or whatever rich contractors from overseas do. So it's easier to get legal involved perhaps while they find another script jockey, this time with a background in security matters...?

    It'll be fixed after the 4th re-work, but will be hacked again in November.

  • Anonymous Coward, 21 Aug 2009 @ 12:50pm

    Perfect for grilling up Eddie Izzard's "Rack o' babies" and "babies on spikes".

  • Anonymous Coward, 21 Aug 2009 @ 12:53pm

    "Wouldn't it just have been better to fix the URL-hackability and let things be?"

    No, because security through obscurity and lazy IT's who don't want to do their jobs is an important thing for society to maintain.

  • Dark Helmet, 21 Aug 2009 @ 12:58pm

    Question

    "Reddit, Sears, Grills That Cook Babies"

    I don't understand what the problem is.

    I mean, everyone knows that eating babies raw will give you hook worm...

  • TheStupidOne, 21 Aug 2009 @ 12:59pm

    ...

    SEARS SELLS A GRILL DESIGNED TO COOK BABIES!!!!!!!!!!!!!!!

    I'M GOING THERE RIGHT NOW!! YOU'RE ALL INVITED TO MY HOUSE LATER FOR A COOKOUT. BRING YOUR KIDS!!!

  • Anonymous Coward, 21 Aug 2009 @ 1:04pm

    Let me see if I have this right, and please feel free to correct me if I am wrong.

    Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night...leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.

    Right or wrong, and if wrong how so?

    • Anonymous Coward, 21 Aug 2009 @ 1:17pm

      Re:

      Wrong. The website is poorly designed, the hack was done by just adding a few words in the url after the ? sign.

      I am surprised that it worked at all, somebody really screwed up the code there.

    • Alan Gerow, 21 Aug 2009 @ 1:50pm

      Re:

      A person added some words to the URL of the website.

      The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.

      At no point was the server accessed, or any changes saved for others to view.

      A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.

      At no point would anyone who didn't mess around with the URL in the same way this person did ever see what they saw. It's not a hack in terms of someone gaining access to a remote system and wreaking havoc. It's a hack in the sense that someone found a bug in the website coder's query string parameter usage where the website didn't properly handle user supplied information.

      • Sean, 21 Aug 2009 @ 2:05pm

        Re: Re:

        My understanding is that in certain circumstances the information got cached, so people who didn't use the URL could see it. This was evidenced by one of the articles I read earlier today where the customer service representative from Sears that was called could see the changed page.


        So, general users might have seen a changed page. It's not that likely though, since it would need to be a cached page that was still in cache when accessed.

        • Alan Gerow, 21 Aug 2009 @ 2:34pm

          Re: Re: Re:

          And then that would need to be a server cache, not a local cache.

          When a user visits a web page, the computer can call up on the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.

          The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users ... then that's a much more serious security risk. Particularly if another user DIDN'T do the URL trick, then they're seeing a cache from a different URL, and that's just REALLY bad programming.

          One done by the developers, not the hackers, who would have had nothing to do with server caching.

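Added example (not part of the original thread and not Sears's code): the behaviour described in the comments above, where text from the query string becomes page copy and a server-side cache then serves it to visitors who used the normal URL, shown next to a version that takes its copy only from the server's own catalog. The `pid` and `title` parameters, the catalog entry and the `shop.example` URLs are assumptions constructed for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed catalog: the only trusted source of product copy.
CATALOG = {"1001": "Gas Grill, 4 Burner"}


def render_vulnerable(url, cache):
    """Page copy comes from the query string; cache key omits that parameter."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    pid = qs.get("pid", [""])[0]
    key = (parts.path, pid)                 # 'title' is not part of the cache key
    if key in cache:
        return cache[key]
    # 'title' is a hypothetical parameter: visitor-supplied text becomes page copy
    title = qs.get("title", [CATALOG.get(pid, "Unknown product")])[0]
    page = "<h1>" + title + "</h1>"
    cache[key] = page                       # altered copy is now served to everyone
    return page


def render_hardened(url, cache):
    """Page copy is looked up server-side; cache key is the validated product id."""
    qs = parse_qs(urlsplit(url).query)
    pid = qs.get("pid", [""])[0]
    if pid not in CATALOG:
        return "<h1>Product not found</h1>"  # never cached, never echoes input
    if pid not in cache:
        cache[pid] = "<h1>" + escape(CATALOG[pid]) + "</h1>"
    return cache[pid]


def demo():
    """Render an edited URL first, then the normal URL, against a fresh cache."""
    edited = "https://shop.example/product?pid=1001&title=Not+The+Real+Name"
    normal = "https://shop.example/product?pid=1001"
    results = {}
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
        cache = {}
        first = render(edited, cache)       # visitor who edited the URL
        second = render(normal, cache)      # later visitor with the normal URL
        results[name] = (first, second)
    return results


if __name__ == "__main__":
    for name, (first, second) in demo().items():
        print(name, "| edited URL:", first, "| normal URL:", second)
```
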

  • Anonymous of Course, 21 Aug 2009 @ 1:04pm

    Must be one of those new green grills.

    If you really love the earth, eat more babies.

  • Anonymous Coward, 21 Aug 2009 @ 1:05pm

    Says it's out of stock.

    Who forwarded this? Says here that someone in the Australia office of Fox News bought the last one...

    Wait a second... Rupert!

  • jon b., 21 Aug 2009 @ 1:08pm

    Apparently they fixed it already. I tried it and it didn't work.

    So they made part of the page copy pull from the URL. Could be a lot worse.

    It's not like you could hack the price or anything (I know of cases where this is/was possible.)

    • Anonymous Coward, 21 Aug 2009 @ 1:15pm

      Re:

      It's not like you could hack the price or anything (I know of cases where this is/was possible.)

      The old "embed the price in a hidden form field and let the user change it at will" trick... :)

  • Anonymous Coward, 21 Aug 2009 @ 1:25pm

    Happy They Did It

    I'm just happy they got it popular enough to hit the sites I regularly read - that was a nice little chuckle I would have otherwise missed out on today.

  • Kevin Stapp, 21 Aug 2009 @ 1:31pm

    Just one time I would like to hear a company say, "Hey, thanks for the heads up on our site vulnerability. We are working to correct it right now. If you have suggestions on how to address this issue we would really like to hear from you. We can talk about compensation if we find it mutually beneficial."

    Engaging a community will get you further than attacking it. Honey vs Vinegar.

  • James, 21 Aug 2009 @ 1:59pm

    Hmm...

    it only had a rating of 0.

  • Anonymous Coward, 21 Aug 2009 @ 2:01pm

    So I have A Modest Proposal

    • DJ, 21 Aug 2009 @ 2:16pm

      Re:

      So modest you don't feel comfortable actually presenting it?

      • Alan Gerow, 21 Aug 2009 @ 2:39pm

        Re: Re:

        (from Sealab 2021)

        Sparks: I've got something for you.
        Debbie: What is it?
        Sparks: A book.
        Debbie: What's the book?
        Sparks: A Modest Proposal.
        Debbie: By whom?
        Sparks: Jonathan Swift.
        Debbie: And what is the book about?
        Sparks: Eating babies.
        Debbie: ...the hell is that supposed to mean?
        Sparks: It's like veal, only babies.
        Debbie: That's sick!
        Sparks: I'm talking real baby back ribs.
        ((long pause))
        Debbie: ...the foulest thing I've ever heard!
        Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
        Debbie: You're sick!!
        Sparks: Just trying to help out a single mom

        • Mikecancook, 21 Aug 2009 @ 5:11pm

          Re: Re: Re:

          I feel ashamed that this is what I immediately thought of...."What's the book about?..."

  • Blatant Coward, 21 Aug 2009 @ 4:04pm

    Meat o freaking Rama!

    Great, now I'm craving babies again.

  • Robert Fisher, 22 Aug 2009 @ 8:48am

    Too Funny

    Just too funny! pwnd

  • PrometheeFeu, 22 Aug 2009 @ 8:53am

    I really do not see how that could be the infringement of any laws. All that it does is tell your own web browser to display something... Aren't I allowed to have my web browser display random stuff?

  • Øyvind from Norway, 15 Oct 2009 @ 4:28pm

    Sears who?

    ...ahh, that corporation who went nuts over that headline about grills and babies. Haven't heard much about them before (if at all, have no clue), but now I'll always associate them with this. Yes, the Streisand effect works.

  • b9mh, 5 Nov 2009 @ 10:09am

    b99mh

    thank you ar nice....
    you ar vere vere nice

  • voitures, 20 Nov 2009 @ 12:53pm

    Voiture au maroc

    It's not bad at all, I sincerely liked it very much

    Thank you
