It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Surrendering to Microsoft and Bing Cashback

page: 1
2

log in

join
share:

posted on Nov, 10 2009 @ 11:14 AM
link   

Surrendering to Microsoft and Bing Cashback


bountii.com

The purpose of my post was to show an implementation problem, not to encourage defrauding Microsoft. I am surprised they would go through this much trouble to make me take down information that is obvious to anyone reading their documentation.
(visit the link for the full news article)




posted on Nov, 10 2009 @ 11:14 AM
link   
This is the original article by the author, still available in the Bing cache.

Microsoft responds by sending threatening emails, bringing in lawyers and closing down his Bing account. To me, this is a typical Microsoft response to a problem with their software and I would like people to realize the kind of company they are dealing with here.

To me, this kind of response is disgusting and the direct opposite of what I would like to see from a company serious about making quality software.

bountii.com
(visit the link for the full news article)



[edit on 10-11-2009 by Copernicus]



posted on Nov, 10 2009 @ 11:25 AM
link   
Yep, I agree. Microsoft's lawyers went over board on this. I found a copy of the article out there. Nothing in the article is remotely hackerish.. It would be pretty obvious in fact to anyone with medium to high level development experience.

I am quoting the original article here in case Bing clears it from cache. Mods, if you feel this is a violation or risk, I'll remove it, but it helps understand the context.



I’ve never bought anything using Bing Cashback, but the balance of my account is $2080.06. Apparently, I placed two $1 orders on January 24th of this year, and spent another $104,000 on October 24th. Let’s see how these transactions might have “accidentally” got credited to my account.

First, we need to try to figure out how transactions get into Bing Cashback. Microsoft posted some documentation here. The explanation of how a merchant reports transactions to Bing starts on page 20. Merchants have a few options for reporting, but Bing suggests using a tracking pixel. Basically, the merchant adds a tracking pixel to their order confirmation page, which will report the the transaction details back to Bing. The request for the tracking pixel looks something like this:

ssl.search.live.com...[0]=&p[0]=&q[0]=

This implementation, while easy for the merchant, has an obvious flaw. Anyone can simulate the tracking pixel requests, and post fake transactions to Bing. I’m not going to explain exactly how to generate the fake requests so that they actually post, but it’s not complicated. Bing doesn’t seem to be able to detect these fake transactions, at least not right away. The six cents I earned in January have “cleared,” and I’m guessing the remaining $2080 will clear on schedule, unless there is some manual intervention.

Even if Bing detects these fake transactions at some point in the future, the current implementation might have another interesting side effect. I haven’t done enough work to say it with confidence, but a malicious user might be able to block another user’s legitimate purchases from being reported correctly by Bing (I only tried this once, but it seemed to work). Posting a transaction to Bing requires sending them an order ID in the request. Bing performs a reasonable sanity check on the order ID, and will not post a transaction that repeats a previously reported order ID. When a store uses predictable order ID’s (e.g. sequential), a malicious user can “use up” all the future order ID’s, and cause legitimate transactions to be ignored. Reporting would be effectively down for days, causing a customer service nightmare for both Bing and the merchant.

Based on what I’ve found, I wouldn’t implement Bing Cashback if I were a merchant. And, as an end user and bargain hunter, it does not seem smart to rely on Bing Cashback for savings. In our next blog post, I’ll demonstrate some other subtle but important reasons to avoid using Bing Cashback.

Sourced from ninet.org...

[edit on 11-10-2009 by rogerstigers]



posted on Nov, 10 2009 @ 11:44 AM
link   
Microsoft has always sucked.

They're a criminal business outfit: just look at all the antitrust cases they've lost.

They have killed many better companies with very shady business practices such as announcing the realease of THEIR version of a msall company's software in such a way as to discourage buyers from trying it, then blowing the dates because they weren't real in the first place, while strong-arming the small outfit to buy their software for a pittance while the small company's cash flow dried up. They've seldom done good original work on their own.

They have always been unethical because Gates is a sociopath. A very successful one, but a sociopath nonetheless.



posted on Nov, 10 2009 @ 12:13 PM
link   
I thought Bing was a search engine.
So Bing is a search engine like Google with arrangements to the links.
Can I trust Clusty to give me plain links without monetary arrangements.



posted on Nov, 10 2009 @ 12:23 PM
link   
Does not this basically amount to fraud? In which case the person's proper response should have been to inform Microsoft, not broadcast the exploit for the world to see. Of course if he had already informed Microsoft (who then did nothing), then he should disclose with proof of concept in an attempt to force Microsoft to rectify the problem. The whole concept of disclosure in this context has been talked to death and openly exposing a vulnerability is just as irresponsible if not more so than the existence of the vulnerability in the first place (or knowledge thereof).

[edit on 10-11-2009 by quackers]



posted on Nov, 10 2009 @ 05:46 PM
link   
utter BS

If I tell you xyz business downtown doesn't lock their back doors at night and why i think it is bad and how it could go wrong for that business and you and me.....due to the fact our instore details are in danger, because they don't lock the rear doors....

Am I irresponsible

It's a ridiculous remark, that seems to be a stock std remark when anybody talks about the digital world....The digital world then some how becomes a higher plane than the real world. Some of the fines, prosecutions, sentences, gorilla tactics that are forth coming from anything on a friggin computer are not consistent or semi realistic when compared to the real world.
It seems to be that the digital companies can flood the market with poor quality, buggy, non safe products (software) and then sue, bully, steal, wipe loose, close down....anything any time they want from some poor sod that pipes up and says any thing that is fact or truthful, and the whole time have no worries of reprisal.

Apart from corporations suing corporations, or corporations suing ave joe's........how many ave joe suing digital corporations have been successful?

I wont stand for buggy faulty unsafe software, I dont put up with it on new cars, tv, carpet, houses, toys, fishtanks, timber, food....why the digital corps allowed to get away with it is beyond me...while getting away with this type of crap...




[edit on 10-11-2009 by 297GT]




top topics



 
2

log in

join