Login    Register
User Information
Username:
Password:
We are a free and open
community, all are welcome.
Click here to Register
Sponsored
Who is online

In total there are 61 users online :: 6 registered, 0 hidden and 55 guests


Most users ever online was 155 on Mon Aug 15, 2016 1:40 am

Registered users: Bing [Bot], Google [Bot], Google Adsense [Bot], mrfoo, MSNbot Media, Yahoo [Bot] based on users active over the past 5 minutes

The Team
Administrators
Global Moderators
global_moderators.png CS

PSA -About Mcmaster's Website

A place to ask general spud cannon related questions.
Sponsored 
  • Author
    Message

PSA -About Mcmaster's Website

Unread postAuthor: socoj2 » Sun Feb 17, 2008 3:40 pm

Apparently if you are logged in and send the link to a product, The URL actualy includes your account info. So if you have a stored credit card number someone can just order stuff and have it sent to you.

Further more to log into someones account all you need is their email address. It does not prompt you for a password.

I will only be doing phone orders until they get this fixed and have since cleared all my information out.
  • 0


socoj2
Master Sergeant
Master Sergeant
 
Posts: 169
Joined: Fri Jun 29, 2007 9:17 am
Reputation: 0

Unread postAuthor: potatoflinger » Sun Feb 17, 2008 3:42 pm

Wow, that's not good. Thanks for the heads-up.
  • 0

It's hard to soar with eagles when you're working with turkeys.
User avatar
potatoflinger
Brigadier General
Brigadier General
 
Posts: 1136
Joined: Thu Nov 02, 2006 3:26 pm
Location: Maryland
Reputation: 1

Unread postAuthor: jrrdw » Sun Feb 17, 2008 3:44 pm

Sooooo, whats your email, I need to order some stuff and have you pay for it.

But really, how did you find this out?
  • 0

When life gives you lemons...throw them back they suck!
User avatar
jrrdw
Donating Moderator
Donating Moderator
 
Posts: 6538
Joined: Wed Nov 16, 2005 5:11 pm
Location: Maryland
Country: United States (us)
Reputation: 25

Unread postAuthor: socoj2 » Sun Feb 17, 2008 3:58 pm

I posted a link to something in another forum. and someone Messaged me and told me about it. I then verified it by clearing all my cookies and hitting the link. and then i did it from another computer.

I also cleared my cookies and went to the website and noticed they didnt ask me for a password to log in.
  • 0


socoj2
Master Sergeant
Master Sergeant
 
Posts: 169
Joined: Fri Jun 29, 2007 9:17 am
Reputation: 0

Unread postAuthor: jrrdw » Sun Feb 17, 2008 4:00 pm

Did you send them a message about it?

Just went there and copied and pasted this --

Security


The security of your information is important to us. We have several controls in place to keep your address, contact, and credit card information safe.

When you visit McMaster.com we can tell if you’re using the same computer that you’ve used during a previous visit by looking for a cookie. A cookie is a small text file stored in a temporary folder of your web browser. Cookies are commonly used to retain and speed the transfer of information between websites and personal computers. The file does not contain any personal information and cannot be used to harm or access information on your computer. If you have a cookie, you will be able to see your personal account information.

If you visit us from a different computer that does not have your cookie or you have deleted your cookie, you can retrieve your personal information by providing your e-mail address or user name. If you are coming from a different network than you have used in the past, we will prompt you for your password, to verify your identity.

Whenever we transmit your credit card information over the Internet, we use the industry standard Secure Socket Layer (SSL) encryption. Your full credit card number is never displayed or accessible from anywhere on our website. When you use a saved credit card, we only include the last four digits of the credit card number on the order page so you can tell which credit card you used. You cannot edit your credit card number online, only the nickname for the card and the expiration date.


If your company has security guidelines that require you to provide a user name and password before gaining access to your personal account information on a website, you can change your security preference below.

Recommended The web site will normally remember all of your information. If you visit us from a computer on a different network, you can retrieve your information by providing your user name and password.

Very High You have to sign in with your user name and password each time you visit to access any of your saved account information (e.g. addresses, custom shipping method, saved credit cards, etc.).
If you close your browser or click "Sign Out" you will have to sign in again before gaining access to your account information.

From the surcurity link at the bottem of the webpage.
  • 0

When life gives you lemons...throw them back they suck!
User avatar
jrrdw
Donating Moderator
Donating Moderator
 
Posts: 6538
Joined: Wed Nov 16, 2005 5:11 pm
Location: Maryland
Country: United States (us)
Reputation: 25

Unread postAuthor: PCGUY » Sun Feb 17, 2008 4:10 pm

Interesting thing is, the McMaster URL stays the same the entire time... so the only way you would be able to link someone to a product is if you were to actually isolate the frame it is showing in and send someone that URL.

This is probably why it's designed that way.

As far as the login thing goes I don't know, I have never saved a number anywhere like that... nor have I ever made an account there. However things ordered with your card would end up at your house, not someone else's.
  • 0

Yes, I am the guy that owns & operates SpudFiles (along with our extremely helpful moderators).
User avatar
PCGUY
Site Admin
Site Admin
 
Posts: 1576
Joined: Wed Aug 18, 2004 10:54 pm
Location: Illinois
Country: United States (us)
Reputation: 19

Unread postAuthor: socoj2 » Sun Feb 17, 2008 6:06 pm

Link removed for privacy reasons by Pete Zaria. Sorry.

You guys hit that and see if the information on my account comes up.
  • 0


socoj2
Master Sergeant
Master Sergeant
 
Posts: 169
Joined: Fri Jun 29, 2007 9:17 am
Reputation: 0

Sponsored

Sponsor
 


Unread postAuthor: Ragnarok » Sun Feb 17, 2008 6:14 pm

socoj2 wrote:You guys hit that and see if the information on my account comes up.

The page is completely blank for me, can't see anything in either Firefox or Internet Explorer.
  • 0

Does that thing kinda look like a big cat to you?
User avatar
Ragnarok
Chief of Staff
Chief of Staff
 
Posts: 5339
Joined: Tue Dec 19, 2006 8:23 am
Location: The UK
Reputation: 8

Unread postAuthor: sjog » Sun Feb 17, 2008 6:18 pm

All I got was a blank page. You guys were making me nervous
  • 0


sjog
Donating Member
Donating Member
 
Posts: 440
Joined: Sun Oct 15, 2006 9:43 pm
Location: Marthas Vineyard
Reputation: 0

Unread postAuthor: socoj2 » Sun Feb 17, 2008 6:44 pm

Link removed for privacy reasons by Pete Zaria. Sorry.
  • 0


socoj2
Master Sergeant
Master Sergeant
 
Posts: 169
Joined: Fri Jun 29, 2007 9:17 am
Reputation: 0

Unread postAuthor: jrrdw » Sun Feb 17, 2008 7:28 pm

Blank page with 1st link, page 69 with 2nd link. Nothing about anybodies account.
  • 0

When life gives you lemons...throw them back they suck!
User avatar
jrrdw
Donating Moderator
Donating Moderator
 
Posts: 6538
Joined: Wed Nov 16, 2005 5:11 pm
Location: Maryland
Country: United States (us)
Reputation: 25

Unread postAuthor: Ragnarok » Sun Feb 17, 2008 8:07 pm

Second one points me at a page, but whether I can access details from there is uncertain.
It did flash up something the first time that looks like it might have been a link to an order history ... but try as I might, it won't appear again.
  • 0

Does that thing kinda look like a big cat to you?
User avatar
Ragnarok
Chief of Staff
Chief of Staff
 
Posts: 5339
Joined: Tue Dec 19, 2006 8:23 am
Location: The UK
Reputation: 8

Unread postAuthor: pizlo » Sun Feb 17, 2008 8:51 pm

Holy Crap, If I go to your current order I can see your info...
I don't know if you did this but it doesn't still have your credit card number.
Image




Image
  • 0

User avatar
pizlo
Brigadier General
Brigadier General
 
Posts: 783
Joined: Fri Dec 22, 2006 7:27 pm
Reputation: 0

Unread postAuthor: daberno123 » Sun Feb 17, 2008 8:54 pm

I was able to see your info, i just clicked the link you provided us than clicked current order. Rest assured, i didn't try to order anything but your information would be available to others with perhaps more malicious intent

Edit: Pizlo beat me in finding it
  • 0

User avatar
daberno123
Colonel
Colonel
 
Posts: 594
Joined: Mon Nov 19, 2007 5:56 pm
Location: Ohio
Reputation: 0

Unread postAuthor: bigbob12345 » Sun Feb 17, 2008 8:57 pm

Wow this is good to know
im surprised that this actually happens i wont be posting any more mcmaster links anymore.
  • 0

User avatar
bigbob12345
Major General
Major General
 
Posts: 1516
Joined: Sat Dec 01, 2007 9:13 am
Location: Mercer Island,Washington
Reputation: 0

Next

Return to General Spud Cannon Related

Who is online

Registered users: Bing [Bot], Google [Bot], Google Adsense [Bot], mrfoo, MSNbot Media, Yahoo [Bot]

Reputation System ©'