Chad (cannibal) wrote,

Sears Grills for Cannibals

Last August Sears was using URL data to define categories on their website (explanation for web programmers and security geeks here), and some customers, probably trying to find ways to game the cart/checkout system and get cheap prices (a very common attack), figured out that they could make it show a page with a funny category title. Whether those customers knew it or not, the Sears website cache was badly implemented, so it would show that page to other customers in order to speed up website response time. Worse yet, if a large number of amused Internet geeks went to an example URL link to see a funny title, I'm guessing it would appear as a "top pick" for all customers to see.
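To make the two halves of that bug concrete, here is an added example (my own toy model, not Sears code; the catalogue, URL format and `pid`/`title` parameters are all constructed): a handler that takes the category title from the URL and caches by product id only, beside a hardened one that looks the title up server-side and keys the cache on every input the page depends on.

```python
# Added example, not from the original post. Models the two defects:
# trusting URL data for the category title, and a cache whose key does not
# cover that input, so one visitor's edited URL is served to everyone.
from html import escape
from urllib.parse import parse_qs, urlparse

# Constructed catalogue: the canonical title lives server-side, keyed by id.
CATALOGUE = {"12345": "Gas Grills", "67890": "Charcoal Grills"}


def render(title: str, pid: str) -> str:
    return f"<h1>{title}</h1><p>product {pid}</p>"


def params(url: str) -> dict:
    # parse_qs decodes '+' to ' ' and returns one-element lists per key
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class VulnerableCategoryPage:
    """Title comes from the URL; cache key is the product id alone."""

    def __init__(self):
        self.cache = {}

    def handle(self, url: str) -> str:
        q = params(url)
        pid = q.get("pid", "")
        if pid in self.cache:              # key ignores the title input
            return self.cache[pid]
        page = render(q.get("title", ""), pid)   # unvalidated, unescaped
        self.cache[pid] = page             # poisoned for every later visitor
        return page


class HardenedCategoryPage:
    """Title is looked up by id; URL-supplied titles are never rendered."""

    def __init__(self):
        self.cache = {}

    def handle(self, url: str) -> str:
        pid = params(url).get("pid", "")
        if pid not in CATALOGUE:           # reject ids we do not know
            return "<h1>Not found</h1>"
        if pid in self.cache:              # output depends only on pid,
            return self.cache[pid]         # so pid is the complete key
        page = render(escape(CATALOGUE[pid]), escape(pid))
        self.cache[pid] = page
        return page
```

In the vulnerable class, the second visitor's plain URL hits the cache entry written by the first visitor's edited URL; in the hardened class, the edited `title` parameter never reaches the page or the cache.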

The result: Baby-roasting BBQ pulled from Sears site

I wouldn't call the people who messed with the Sears website hackers, crackers, or even script kiddies; any curious user who edited the "address" line on their web browser could do it, whether accidentally or in the course of trying to do something malicious.
