What's in a URL?



  • From: http://www.jaggle.nl/index.php/site/comments/hema_hacken/

    In English: HEMA (a Dutch chain of warehouses) has online courses, and you have to pay for them (€10 = $17). But if you start a trial lesson and replace the word proefles (trial) by cursus (course), you can follow the real course without paying. That really shouts WTF!



  • Security through obscurity at its most obviously stupid. 



  •  @brazzy said:

    Security through obscurity at its most obviously stupid. 

    Isn't this a case of security through plainly obvious rather than obscurity?



  • Reminds me of those old sites where, to download something, the site would wait 15 seconds to a minute (depending on the site) to display the link so that the ad companies give them more money... but anyone with basic HTML knowledge could open the source, where the link could usually be found right at the beginning as a simple javascript variable. I'd gotten that technique down to 6 seconds before most sites started obfuscating the variable ({'h','t','t','p',':','/','/','w', etc.).



  • @brazzy said:

    Security through obscurity at its most obviously stupid. 

    Wel... JOB security trough obscurity seems to work quite well for the IT branch.



  • @curtmack said:

    Reminds me of those old sites where, to download something, the site would wait 15 seconds to a minute (depending on the site) to display the link so that the ad companies give them more money... but anyone with basic HTML knowledge could open the source, where the link could usually be found right at the beginning as a simple javascript variable. I'd gotten that technique down to 6 seconds before most sites started obfuscating the variable ({'h','t','t','p',':','/','/','w', etc.).
    Finding them is still easy (look for the "please wait x seconds" text), but there's often a bit of obfuscation involving math operations or string manipulation that takes >45 secons to decode manually. The solution, then, is Greasemonkey.


Log in to reply