I saw a news story posted somewhere in the last month (let’s just say sometime in 2005 to be safe) about a guy who discovered a security vulnerability in a Web site somewhere that basically worked like this:
Anyone remember what I’m talking about or have a link to a news item? I’ve spent the last four hours trying everything I can on Slashdot, Google, Google News, The Register, the NYT (which is where I think I read it), etc., and I’ve had no luck so far.
It’s not the Harvard MBA story. That only involved people seeing their own data. And I’m pretty sure it’s not the Johns Hopkins J-CARD story I linked to back in early February.
Thanks a bunch if anyone finds it and posts it here.
I remember that article too. It wasn’t that long ago, but like you I’ll be damned if I can find it.
I did run across this interesting PDF about brute force hacking PHP session IDs, but that’s about it:
http://www.cgisecurity.com/lib/SessionIDs.pdf.
The only other thing I can suggest is that if it was on Boing Boing or Slashdot, you can run some pretty advanced searches on my echoes (http://theheatinkbbs.ca/echoes) - no ‘www’ this time. I’ve been collecting Boing Boing and Slashdot’s RSS feeds for about 6 months now and all their entries should be in there somewhere.
I tried searching the echoes, but to no avail. You may remember more about the article than I do, however, and therefore may have better luck.