Reddit, Sears, Grills That Cook Babies... And The Streisand Effect
from the have-at-it dept
Adam sends in a link to a Reddit story where it comes out that someone (not entirely sure who) decided to push Reddit to take down an earlier story. Apparently Sears.com had some oddity in how content on its e-commerce site was displayed, and with a little URL-hacking some folks were able to create a Sears.com e-commerce page for a barbecue grill designed to cook babies.

"We discovered earlier today that someone visiting our site had defaced a limited number of product pages"

From the sound of it, this wasn't so much "defacing" as a bug in the way the site was set up. What doesn't make much sense is that someone then forced Reddit to remove its original thread discussing Sears' URL hackability. It's not at all clear who specifically got Reddit to take down the thread, though an admin admits that he was told to take it down. The obvious list of culprits, of course, would be Sears and Conde Nast (owners of Reddit).
Still, it should come as no surprise that the Reddit community doesn't take kindly to the idea that someone (whoever it might be) can dictate that a Reddit thread get deleted when it's not spam. So, now they've been pumping up this particular story about Reddit pulling down the thread, giving the whole story much more attention. Wouldn't it just have been better to fix the URL-hackability and let things be?
Filed Under: reddit, streisand effect, url hacking
Companies: conde nast, sears
Reader Comments
Or
Or are there that many hurried morons out there?
[ link to this | view in thread ]
Re: Or
http://www.youtube.com/watch?v=7SeL6i3sHM0
[ link to this | view in thread ]
Magic 8 Ball says...
It'll be fixed after the 4th re-work, but will be hacked again in November.
[ link to this | view in thread ]
No, because security through obscurity and lazy IT's who don't want to do their jobs is an important thing for society to maintain.
[ link to this | view in thread ]
Question
I don't understand what the problem is.
I mean, everyone knows that eating babies raw will give you hook worm...
[ link to this | view in thread ]
...
I'M GOING THERE RIGHT NOW!! YOU'RE ALL INVITED TO MY HOUSE LATER FOR A COOKOUT. BRING YOUR KIDS!!!
[ link to this | view in thread ]
Some person unknown appears to have gained access to a server hosting the catalog, was able to insert/modify pages into/in the catalog, and then slipped away into the night...leaving the newly amended catalog in place such that subsequent users would see only the catalog as amended.
Right or wrong, and if wrong how so?
[ link to this | view in thread ]
Must be one of those new green grills.
[ link to this | view in thread ]
Says it's out of stock.
Wait a second... Rupert!
[ link to this | view in thread ]
Re: ...
Y'know, just run with it.
"We're not advocating cooking babies, we're just saying that other grills just don't have the headroom..."
[ link to this | view in thread ]
So they made part of the page copy pull from the URL. Could be a lot worse.
It's not like you could hack the price or anything (I know of cases where this is/was possible.)
[ link to this | view in thread ]
Re:
The old "embed the price in a hidden form field and let the user change it at will" trick... :)
[ link to this | view in thread ]
Re:
I am surprised that it worked at all, somebody really screwed up the code there.
[ link to this | view in thread ]
Happy They Did It
[ link to this | view in thread ]
Engaging a community will get you further than attacking it. Honey vs Vinegar.
[ link to this | view in thread ]
Re:
The way the website was coded, these extra words were displayed inside of the web page that was displayed to the person who used that URL with the added words only.
At no point was the server accessed, or any changes saved for others to view.
A screencapture was made to show everyone else what the URL tampering did to the rendered HTML.
At no point would anyone who didn't mess around with the URL in the same way this person did ever see what they saw. It's not a hack in terms of someone gaining access to a remote system and wreaking havoc. It's a hack in the sense that someone found a bug in the website coder's query string parameter usage where the website didn't properly handle user supplied information.
[ link to this | view in thread ]
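The bug class described in the comment above, shown as an added example that is not part of the original thread and is not Sears' code: a product page that copies a query-string value into its HTML, next to a version that takes only a validated ID from the URL and looks up all display text server-side. The URL, the `category` parameter, the catalog and every function name are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed catalog: display text lives on the server, keyed by product ID.
CATALOG = {"1001": {"name": "Gas Grill", "category": "Outdoor Cooking"}}

# Constructed request URL in which a visitor has edited the category text.
SAMPLE_URL = "https://shop.example/product?id=1001&category=Edited+By+Visitor"


def _params(url):
    """Return the first value of each query-string parameter, URL-decoded."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_reflected(url):
    """Flawed pattern: part of the page copy is taken from the query string."""
    q = _params(url)
    product = CATALOG[q["id"]]
    # Whatever text arrives in ?category= becomes part of this response only;
    # nothing is stored, so other visitors still see the normal page.
    return f"<h1>{product['name']}</h1><p>Category: {q.get('category', '')}</p>"


def render_hardened(url):
    """Only the ID comes from the URL. It is validated against the catalog,
    and every displayed string is server-side data, HTML-escaped on output."""
    q = _params(url)
    product = CATALOG.get(q.get("id", ""))
    if product is None:
        return "<h1>Not found</h1>"
    name = html.escape(product["name"])
    category = html.escape(product["category"])
    return f"<h1>{name}</h1><p>Category: {category}</p>"


def reflected_params(url, page):
    """Regression check: names of query parameters whose decoded value appears
    verbatim in the rendered page. Short values such as IDs are skipped to
    avoid accidental matches."""
    return sorted(k for k, v in _params(url).items() if len(v) >= 6 and v in page)
```

Running `reflected_params` over rendered pages in a test suite flags templates that echo request data before they reach production.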
Re: Re: ...
Those babies & their freakishly big heads. It's unsettling. But tasty.
[ link to this | view in thread ]
Hmm...
[ link to this | view in thread ]
Re: Re:
So, general users might have seen a changed page. It's not that likely though, since it would need to be a cached page that was still in cache when accessed.
[ link to this | view in thread ]
Re: Re: Re:
When a user visits a web page, the computer can call up on the saved local version instead of getting a fresh new copy. So, a user could go back and see the mess up still, even if Sears fixed their website.
The web developers would have needed to implement server caching. And if they were caching user entered information (through the query string), saving that on the server, and then redishing it out to other users ... then that's a much more serious security risk. Particularly if another user DIDN'T do the URL trick, then they're seeing a cache from a different URL, and that's just REALLY bad programming.
One done by the developers, not the hackers, who would have had nothing to do with server caching.
[ link to this | view in thread ]
Re: Re:
Sparks: I've got something for you.
Debbie: What is it?
Sparks: A book.
Debbie: What's the book?
Sparks: A Modest Proposal.
Debbie: By whom?
Sparks: Jonathan Swift.
Debbie: And what is the book about?
Sparks: Eating babies.
Debbie: ...the hell is that supposed to mean?
Sparks: It's like veal, only babies.
Debbie: That's sick!
Sparks: I'm talking real baby back ribs.
((long pause))
Debbie: ...the foulest thing I've ever heard!
Sparks: RIBS!!! Dripping with sauce!!! Falling off the bone!!!
Debbie: You're sick!!
Sparks: Just trying to help out a single mom
[ link to this | view in thread ]
Meat o freaking Rama!
[ link to this | view in thread ]
Too Funny
[ link to this | view in thread ]
Sears who?
[ link to this | view in thread ]