Chad (cannibal) wrote,

Sears Grills for Cannibals

Last August Sears was using URL data to define categories on their website (explanation for web programmers and security geeks here), and some customers, who were probably trying to figure out ways to game the cart/checkout system and get cheap prices (a very common attack), figured out that they could get it to show a page with a funny category title. Whether the customers knew it or not, the Sears website cache was badly implemented, so it would show that page to other customers in order to speed up website response time. Worse yet, if a large number of amused Internet geeks went to an example URL link to see a funny title, I'm guessing it would appear as a "top pick" for all customers to see.

The result: Baby-roasting BBQ pulled from Sears site

I wouldn't call the people who messed with the Sears website hackers, crackers, or even script kiddies; any curious user who edited the "address" line in their web browser could do it, whether accidentally or in the course of trying to do something malicious.
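The flaw described in this post, URL-supplied category text stored in a cache shared by all visitors, is shown below next to a corrected design. This is an added example, not Sears code: the `cat` and `title` parameter names, the cache-key choice, and the catalog entry are all assumptions made for illustration.

```python
# Added illustration; every name and value here is constructed, not Sears code.
import html

CATALOG = {"1020005": "Grills & Outdoor Cooking"}  # constructed server-side table


class Site:
    """Toy category-page renderer with a page cache shared by all visitors."""

    def __init__(self):
        self.cache = {}  # cache key -> rendered HTML

    def render_vulnerable(self, params):
        # Flaw 1: the displayed title is taken straight from the URL.
        # Flaw 2: the cache key ignores the title, so the first visitor's
        # text is replayed to everyone who asks for the same category id.
        key = params["cat"]
        if key not in self.cache:
            self.cache[key] = f"<h1>{params.get('title', '')}</h1>"
        return self.cache[key]

    def render_hardened(self, params):
        # The URL carries only an identifier; display text comes from the
        # server-side catalog. Unknown ids are rejected and never cached.
        cat = params.get("cat", "")
        if cat not in CATALOG:
            return None  # caller should answer 404
        key = ("category", cat)
        if key not in self.cache:
            self.cache[key] = f"<h1>{html.escape(CATALOG[cat])}</h1>"
        return self.cache[key]


def demo():
    """Return what a normal customer sees after an edited URL was visited first."""
    edited = {"cat": "1020005", "title": "Edited By A Visitor"}
    normal = {"cat": "1020005", "title": "Grills & Outdoor Cooking"}
    weak, strong = Site(), Site()
    weak.render_vulnerable(edited)   # edited URL arrives first and is cached
    strong.render_hardened(edited)   # same request against the fixed renderer
    return weak.render_vulnerable(normal), strong.render_hardened(normal)


if __name__ == "__main__":
    print(demo())
```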
3 comments
Oh, bother . . . I was hoping to get one of those. I'll have to keep using my Body Part Roasting Pan for the foreseeable future.
eBay used to run so many ads on Google that included the key words in the ad that they would offer up ads like Dead Babies for Sale.
it's PURFECT for me!!! thanks!