It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Google Returns Reply Pages Attributed to Members?

page: 1
0

log in

join
share:

posted on Jul, 26 2005 @ 08:31 PM
link   
I may be completely misreading this, but it appears that when you reply to a post (at least on ID), the reply window is indexed and cached by google.

www.ignorancedenied.com...

Does this include login information? Could this be used to spoof a user and post under their account? If so, that would present a possible problem, no?

I don't know if people knew about this already or not, but I was wondering if this applies also to ATS.

I just don't want to have someone grab one of my replies and re-post it altered in any way.

I'm not sure if that's even possible, but that's why I'm asking the question with this thread.

Any help is appreciated.


[edit on 26-7-2005 by WyrdeOne]




posted on Jul, 26 2005 @ 08:41 PM
link   
How strange.....


On a sidenote and not meaning to hijack the thread...but what is Ignorance Denied all about and why cannot I log in?



posted on Jul, 26 2005 @ 08:41 PM
link   
For what it's worth, I clicked that link and although it has the reply all set up I wasn't logged in (I've never really used ID, I don't think I've ever logged in there let alone set it to autologin). So someone could get in there and see a couple of quotes and what it looks like when you're replying to a thread, but that's about it.



posted on Jul, 26 2005 @ 08:48 PM
link   
stumason
It's the sister site of ATS, sort of like a sister city. They do exchanges of information, collaborate on games and such. That's my understanding of it.

MCory1
Right, but with a little fiddling wouldn't it be possible to locate the logged in reply page?

I don't know if it's a big deal or not, but it seems to me that with a little dilligence, it would be possible to spoof someone's account using this method. Grab a logged-out reply from google, cross-reference with the site to find the poster's name, submit a password request or fudge it with a generator, and then go back to the saved google page to edit the reply.

I don't know, I might be completely wrong. I'm only a casual internet user, a nobody, so I don't have the ability to prove out my own theory, nor any desire to get caught trying to do so.

Just thought I'd bring it up and see what the responses were like.



posted on Jul, 26 2005 @ 09:06 PM
link   
How did you stumble upon this what did you search for?



posted on Jul, 26 2005 @ 09:12 PM
link   

Originally posted by WyrdeOne
MCory1
Right, but with a little fiddling wouldn't it be possible to locate the logged in reply page?

I don't know if it's a big deal or not, but it seems to me that with a little dilligence, it would be possible to spoof someone's account using this method. Grab a logged-out reply from google, cross-reference with the site to find the poster's name, submit a password request or fudge it with a generator, and then go back to the saved google page to edit the reply.

I don't know, I might be completely wrong. I'm only a casual internet user, a nobody, so I don't have the ability to prove out my own theory, nor any desire to get caught trying to do so.

Just thought I'd bring it up and see what the responses were like.


I really don't think anyone would be able to log in through this. Generally speaking, that login information is stored on your computer (in a cookie, if you have auto login turned on), and in the database on the server (which it uses to match to what ever you put into the username/password boxes.) There's no way they'd be able to tell who it was that was replying to that particular thread for one--the URL is what tells the site what's going on and what thread to quote:

action=reply tells the site you're replying to a thread, and
repquote=3467 is (I'm assuming) the number of the thread that you're quoting. Fire your original URL into your browser and change the repquote=3467 to repquote=3486. You should have a different quote in your reply box (I didn't want to post it here, but it's a post by pineappleupsidedown.)

Someone would still have to figure out your password and everything from it, which if they so desired they could probably do that anyways without anything needed from Google. They couldn't change any posts other than any really recent ones, just like you can't go back and change any of your posts. No worries man
Hope this made sense though at least.



posted on Jul, 26 2005 @ 09:30 PM
link   
I don't have any real experience with programming and the like, but from what I understand, services like google reference our pages and the like, so that they are searchable.

Ignorance denied is seperate from ATS, its a Sister Site, its not a daughter-site like with PTS and BTS. Ignorance Denied is a great site. I like to think of it as the 'not so conspiracy' oriented of ATS. We have cryptozoology, they have zoology. We have conspiracies in religion, they have Philosophy. But don't mistake that to mean that IgDen is a mirror version of us or something. Its a seperate site with very lively set of discussion and interesting characters participating. Anyone reading this should check it out, it'd be very easy for members here to become members there also.

www.ignorancedenied.com...

Theres a large confluence of membership between us too. There are a bunch of mods who are there who are just members, and their mods are members here.



posted on Jul, 27 2005 @ 06:04 AM
link   
IgnoranceDenied.com was the joint prize given to the winners of our previous Find The Rings competition.



posted on Jul, 27 2005 @ 12:35 PM
link   

Originally posted by WyrdeOne
Does this include login information?


No.


Could this be used to spoof a user and post under their account?


No.


Grab a logged-out reply from google, cross-reference with the site to find the poster's name, submit a password request or fudge it with a generator, and then go back to the saved google page to edit the reply.


If you're making up/hacking to find the password, then yeah, but that's no different than any time there's a password.



posted on Jul, 27 2005 @ 12:43 PM
link   
What a sweet prize!

You guys kick even more ass than I originally thought!


Amorymeltzer
Okay, thanks for the definitive answers. I was starting to come to the same conclusions (thanks MCory1), but I'm satisfied now.

Y'all can delete this thread, thanks.



posted on Jul, 27 2005 @ 01:02 PM
link   



new topics




 
0

log in

join