PSA -About Mcmaster's Website


Author: pizlo » Sun Feb 17, 2008 8:58 pm

daberno123 wrote:
Edit: Pizlo beat me in finding it


Author: Pete Zaria » Sun Feb 17, 2008 8:59 pm

This is indeed a big security vulnerability. It not only allows for potential privacy breaches, but opens the door to session hijacking and capturing of financial information.

socoj2, I'm going to remove the links you posted with your personal mcmaster link, for privacy and legal reasons.

Peace,
Pete Zaria.

Author: PCGUY » Sun Feb 17, 2008 9:03 pm

I have contacted McMaster.

Yes, I am the guy that owns & operates SpudFiles (along with our extremely helpful moderators).

Author: Ragnarok » Sun Feb 17, 2008 9:34 pm

Bloody hell, that really is a serious security flaw...

The way they've tried to get around it is just irresponsible.
Mind you, I never store any of my financial data on my computer or online, nor do I use automatic login on any internet store (forums - yes, just about everything else, no).

I'm not one to be careless with my details, so when I order, I'll manually enter my debit card number each time, and only after performing a full sweep of my PC for any possible phishing software.

I don't intend to fall foul of any scams, frauds, hacks or exploits.

Author: socoj2 » Mon Feb 18, 2008 12:09 am

Heh, I actually know what I'm doing. It's cool that some of you guys were not ready to believe me but. I blasted them in an email.... I am not happy at all. I checked my account when I found out about it and there were no outrageous errors. But someone did order a QEV and had it shipped to me. I also canceled that.

Author: socoj2 » Mon Feb 18, 2008 12:09 am

pizlo wrote:
Holy Crap, If I go to your current order I can see your info...
I don't know if you did this but it doesn't still have your credit card number.

That is because I DELETED my info from their site as soon as I found out about it...

Author: socoj2 » Mon Feb 18, 2008 9:56 am

Just got a McMaster customer service rep. If you look at the bottom of their web page, click on Security. It has two options: Normal and VERY HIGH.

Very High will prompt you for a user name and password every time to log in to your account.

I still consider the fact that it doesn't default to this blatantly stupid, and it pisses me off that they even took this chance with my account information.

Author: jimmy101 » Mon Feb 18, 2008 3:38 pm

socoj2 wrote:
Just got a McMaster customer service rep. If you look at the bottom of their web page, click on Security. It has two options: Normal and VERY HIGH.

Very High will prompt you for a user name and password every time to log in to your account.

I still consider the fact that it doesn't default to this blatantly stupid, and it pisses me off that they even took this chance with my account information.

That really doesn't address the security issues, and someone should tell McMaster that.

Besides, it looks like critical information is being passed in URLs. That should never happen. Clearly this is a bug in the system. Autologin is bad enough but at least with that, if you send a link to another person, presumably on another machine, then the autologin shouldn't work and your account info (except perhaps the user name) would still be protected.
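The distinction drawn in the post above, between account data selected by something in the URL and a login bound to the browser's own session, shown as an added Python sketch. It is not part of the thread and not McMaster's code; the shop, the URLs, the `acct` parameter and the handler names are all hypothetical.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed data for a hypothetical shop; not McMaster's real URLs or code.
ACCOUNTS = {"1001": {"name": "Sample Customer", "ship_to": "1 Example St"}}
SESSIONS = {}  # server-side map: random session token -> account id


def login(account_id):
    """Start a session. The token travels as a cookie and is never put in a link."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return {"session": token}


def _query(url):
    """Return the URL's query parameters as a flat dict (first value of each)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def order_page_weak(url, cookies):
    """Weak: the account is chosen by a URL parameter, so the link itself is the credential."""
    return ACCOUNTS.get(_query(url).get("acct"))


def order_page_hardened(url, cookies):
    """Hardened: identity comes only from the server-side session named by the cookie.
    Account-like parameters in the URL are ignored."""
    account_id = SESSIONS.get(cookies.get("session", ""))
    return ACCOUNTS.get(account_id)  # None means: send the visitor to the login page


def opened_by_someone_else(handler, url):
    """The same pasted link opened on another machine: identical URL, none of the owner's cookies."""
    return handler(url, cookies={})


WEAK_LINK = "https://shop.example/order?acct=1001"  # constructed
SAFE_LINK = "https://shop.example/order"            # constructed

if __name__ == "__main__":
    owner = login("1001")
    print("weak, other machine:    ", opened_by_someone_else(order_page_weak, WEAK_LINK))
    print("hardened, other machine:", opened_by_someone_else(order_page_hardened, WEAK_LINK))
    print("hardened, owner:        ", order_page_hardened(SAFE_LINK, owner))
```

With the weak handler, pasting the link into a forum post hands the reader the account page; with the hardened one, the same link shows a stranger nothing, and only the owner's session cookie returns the data.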

Author: clide » Mon Feb 18, 2008 6:11 pm

If you want to link to a product on McMaster you can use the following format:

http://www.mcmaster.com/nav/enter.asp?partnum=9528K131

Just replace the part after "=" with the part number you want to link to.