Comment On So You Hacked Our Site!?

Not too long ago, I added my company, Inedo, to the federal government's Central Contractor Registration system. I don't know, I just didn't want to miss out on all the fun everyone seems to have with government work. Whenever one signs up for virtually any government thing, a deluge of companies somehow manage to find out. The CCR is certainly no exception.

Re: So You Hacked Our Site!?

2008-03-02 19:09 • by https: (unregistered)
Plesk, Inc.

That sounds right. LOL

Re: So You Hacked Our Site!?

2008-03-02 19:11 • by dkf (unregistered)
180751 in reply to 180736
Nimrand:
[...] cause or intend ham or freud in order for it to be considered illegal.
Sigmund is pleased about that, though he wants to know what the pig's father fixation has to do with it.

Re: So You Hacked Our Site!?

2008-03-02 19:57 • by J Fish (unregistered)
180752 in reply to 180697
laff

whois federalsuppliers.com

Domain: federalsuppliers.com
Registration provider: MateMedia, Inc.

Registrant
Jim Sprecher
Jim Sprecher
jim@countrysidepublishing.com
PO Box 1735
Oldsmar, FL 34677 US
+1.8139250195
(FAX)

this site is on rackspace it appears.

Domain Name Servers:
NS.RACKSPACE.COM
NS2.RACKSPACE.COM

now, I await my visit from gov agents in black suits to arrest me for public knowledge for "hacking"

if this is how our legit gov. handles business, I'll take my chance with the hackers thank you.

Re: So You Hacked Our Site!?

2008-03-02 21:39 • by Dave G. (unregistered)
Great stuff, Alex. I love you guys.

Re: So You Hacked Our Site!?

2008-03-02 22:10 • by Matt (unregistered)
180758 in reply to 180697
"Save those precious bytes to something that have not been written countless times. Thank you"

Shut up, don't tell me what to do. betch

Re: So You Hacked Our Site!?

2008-03-02 22:45 • by Anon (unregistered)
180759 in reply to 180051
You really have to be joking to think that if you include the username and password in the javascript source of a page that it won't be found.

Seriously!

Re: So You Hacked Our Site!?

2008-03-02 22:46 • by Anon (unregistered)
180760 in reply to 180051
My comment was in response to FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT btw. Smarten up!

Re: So You Hacked Our Site!?

2008-03-02 23:28 • by d4ve (unregistered)
180761 in reply to 180697
internet in general (blogs, comments, etc) is becoming more redundant and predictable everyday...gotta deal wit it

Re: So You Hacked Our Site!?

2008-03-03 03:51 • by Josh (unregistered)
http://google.com/search?q=site:federalsuppliers.com

Re: So You Hacked Our Site!?

2008-03-03 04:41 • by alpha754293 (unregistered)
Updates:

http://officers.federalsuppliers.com/agents.html

that's the page that it takes you to when you "log in". You can skip the entire "log in" process and just go straight to that. Down side is they apparently took down the listing. Maybe there's a Google cache of it.

Otherwise, here's the response from whois federalsuppliers.com:

Domain Name: FEDERALSUPPLIERS.COM
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Name Server: NS.RACKSPACE.COM
Name Server: NS2.RACKSPACE.COM
Status: clientTransferProhibited
Updated Date: 13-nov-2006
Creation Date: 19-may-1997
Expiration Date: 20-may-2008

Here's the (partial) traceroute result:

11 * te-1-3-pr01.ashburn.va.ibone.comcast.net (68.86.84.154) 32.381 ms 33.949 ms
12 peer-01-ge-1-1-0-104.asbn.twtelecom.net (64.132.69.73) 26.917 ms 26.196 ms 27.974 ms
13 64.132.228.26 (64.132.228.26) 59.692 ms 63.685 ms 59.415 ms
14 64.132.228.26 (64.132.228.26) 58.507 ms 59.372 ms 58.322 ms
15 vl130.core1.sat.rackspace.com (64.39.2.33) 66.247 ms 61.229 ms 62.702 ms
16 64.39.1.149 (64.39.1.149) 62.185 ms 63.492 ms 59.942 ms
17 matemediainc.com (65.61.159.151) 61.192 ms 65.086 ms 60.287 ms

Re: So You Hacked Our Site!?

2008-03-03 05:51 • by fizze (unregistered)
Epic! :-)

I also love the PDF that he faxed you over. From 2006. Wow. Pretty current for govt. agencies, at least. tee-hee.

Re: So You Hacked Our Site!?

2008-03-03 07:41 • by T $
We're at 712 comments and climbing. Could this be the most popular post of all time?

Re: So You Hacked Our Site!?

2008-03-03 08:34 • by derula
180790 in reply to 180785
T $:
We're at 712 comments and climbing.

While technically it's at most 10 different comments.

By the way, they have changed user name and password to something ridiculous, which doesn't matter because you can entirely skip the login process anyway by simply visiting the address hidden in the if construct. Besides, that isn't hacking, as the user name and password are directly sent to whoever reads the website. And the target site says SECURE, which is TRWTF because it isn't. And have you noticed there aren't any robot.txt files? Maybe Google has a cached version of it. Which would be great, because they have taken down the whole page. By the way, this is the WHOIS info on the domain: *snip* You should arrest me because I'm an evil hacker, yeah, haha, guess what, I'm not.

Did I forget anything?

Re: So You Hacked Our Site!?

2008-03-03 08:39 • by Eulbobo (unregistered)
180791 in reply to 180790
They changed user and password...

But it's still in the javascript :p

Re: So You Hacked Our Site!?

2008-03-03 09:19 • by More (unregistered)
180796 in reply to 180790
derula:
T $:
We're at 712 comments and climbing.

While technically it's at most 10 different comments.

By the way, they have changed user name and password to something ridiculous, which doesn't matter because you can entirely skip the login process anyway by simply visiting the address hidden in the if construct. Besides, that isn't hacking, as the user name and password are directly sent to whoever reads the website. And the target site says SECURE, which is TRWTF because it isn't. And have you noticed there aren't any robot.txt files? Maybe Google has a cached version of it. Which would be great, because they have taken down the whole page. By the way, this is the WHOIS info on the domain: *snip* You should arrest me because I'm an evil hacker, yeah, haha, guess what, I'm not.

Did I forget anything?


Yep. The guy who defended the company at first can't spell,

and

The page is now at: http://www.federalsuppliers.com/warning.html. Which I find highly confusing... since that is the page Alex originally gave.

Re: So You Hacked Our Site!?

2008-03-03 09:44 • by wtf (unregistered)
180803 in reply to 180051
Although I am sympathetic to your story, the simple fact is that it's laughable that your company wouldn't do a better job of protecting your website. Please don't address us as hackers with a negative connotation. A hacker wouldn't post this article, a hacker wouldn't tell you about the problem, they would exploit it instead. If you want to fix your site's reputation, why don't you fix the problem?

Re: So You Hacked Our Site!?

2008-03-03 10:01 • by Anita (unregistered)
180808 in reply to 180051
I used to work for Federal Suppliers Guide, several years ago as a Graphic Artist. I have to say that I was initially skeptical of their product. Final copies are not mass produced, but rather a small-scale print run (each approx. phone book size) delivered to the select Federal Suppliers for that State/Region. Customers do have to pay to get a copy of the book (something like $100). I believe that a copy of their ad is free.

Phone calls and ads are legitimate. There were at least 4 full-time Graphic Artists to handle the workload. Designs were faxed and e-mailed to customers for approvals. They had a full time sales staff at several locations (probably 10-12 at the location that I worked). Owner/Manager is a Christian woman that seemed to treat employees with respect. Very small company, with its biggest downfall being (in my opinion) that it didn't offer employees a lunch room and that equipment/software was in need of upgrading.

Other than that, I don't believe that I would label it as a "scam" company. Just a niche product.

Think they also offered services to assist with Federal Suppliers paperwork processing - with a hefty fee if I remember correctly.

Re: So You Hacked Our Site!?

2008-03-03 10:23 • by just visiting (unregistered)
180817 in reply to 180051
FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
not only is the company legit we actually have held a 5 year GSA contract with the federal government


This makes me sad. :(

Re: So You Hacked Our Site!?

2008-03-03 10:41 • by Lysis
180820 in reply to 180051
FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government
and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.


I rofl'd

Addendum (2008-03-03 10:50):
Posting in a legendary thread.

Re: So You Hacked Our Site!?

2008-03-03 11:03 • by m (unregistered)
This is very upsetting news... I get the feeling that every other WTF posted from now is going to pale in comparison to this... :(

Re: So You Hacked Our Site!?

2008-03-03 11:04 • by jpers36
180832 in reply to 180785
T $:
We're at 712 comments and climbing. Could this be the most popular post of all time?


This one is still well ahead, and I'm not even sure if that's the record.

Re: So You Hacked Our Site!?

2008-03-03 11:26 • by amused (unregistered)
180837 in reply to 180646
hilarious

Re: So You Hacked Our Site!?

2008-03-03 11:39 • by Torauma
Really, clicking "View Source" shouldn't even count as a step. The data that their server is sending you is the raw HTML/Javascript. Your browser interprets it, and "View Source" is just showing you what was actually received. If I used wget, or telnet'ed to port 80 of their webserver and did a GET on the page in question, I would see the username and password right there.

Re: So You Hacked Our Site!?

2008-03-03 12:35 • by Benanov
180849 in reply to 180808
Owner/Manager is a Christian woman that seemed to treat employees with respect. Very small company, with its biggest downfall being (in my opinion) that it didn't offer employees a lunch room and that equipment/software was in need of upgrading.


Aww, look. Pathos.

Re: So You Hacked Our Site!?

2008-03-03 12:40 • by tamosius (unregistered)
I wouldn't be much surprised if they wouldn't be safe from SQL inject attack either..

http://www.federalsuppliersguide.net/?_name=&_description=&_q1=&_q2=52&_q3=&_orderBy=name

Re: So You Hacked Our Site!?

2008-03-03 12:44 • by hax0rz (unregistered)
180851 in reply to 180832
jpers36:
T $:
We're at 712 comments and climbing. Could this be the most popular post of all time?


This one is still well ahead, and I'm not even sure if that's the record.


Ahhh yes. The Hat Riddle. Good times.

Google Cache Link

2008-03-03 13:36 • by Harshmage (unregistered)
http://www.google.com/search?q=+site:federalsuppliers.com+federalsuppliers.com/&hl=en

If you browse the several pages, you'll see the listed addresses of the companies who were marks.

I don't mean to discourage or deface these businesses, but FederalSuppliers is not exactly sharing their information with anyone. I hope that via the Google Cache, they will get at least some attention, and maybe find grounds for a lawsuit against the owner(s) of FederalSuppliers.

Remember, the government isn't the only one interested in buying from these companies. They're in business so EVERYONE can invest, purchase, and make that economic wheel turn.

Re: So You Hacked Our Site!?

2008-03-03 13:39 • by wavq (unregistered)
180860 in reply to 179996
So how do you know if you're authorized?

How do you know if you're not authorized?

Re: So You Hacked Our Site!?

2008-03-03 14:23 • by Dan (unregistered)
FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government
and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.


Wow, 15 pages of vitriolic hot-headed comments so far, all because of something that was almost certainly a deliberate troll.

Unless you think that someone with those language skills, that little knowledge of what he's doing, and that offensive a position would actually have come to this website and posted here, especially with such brazen statements like "all of you are being reported to the appropriate authorities as we have your information too".

Granted it was well-crafted to the point where it seems just plausible enough, but everyone who flamed in response to that post should check themselves, as they are a gullible idiot.

Dan.

Re: So You Hacked Our Site!?

2008-03-03 14:25 • by Instaneous (unregistered)
180867 in reply to 180866
Dan:
FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government
and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.


Wow, 15 pages of vitriolic hot-headed comments so far, all because of something that was almost certainly a deliberate troll.

Unless you think that someone with those language skills, that little knowledge of what he's doing, and that offensive a position would actually have come to this website and posted here, especially with such brazen statements like "all of you are being reported to the appropriate authorities as we have your information too".

Granted it was well-crafted to the point where it seems just plausible enough, but everyone who flamed in response to that post should check themselves, as they are a gullible idiot.

Dan.


He could be trolling in his spare time.

Re: So You Hacked Our Site!?

2008-03-03 14:48 • by Vaccano (unregistered)
180871 in reply to 180051
OK, if the website was secure then you could MAYBE have an argument for legal action. But since I could get to this site (which I have not done) without a user name and password, it cannot be called hacking.

Having an unsecured web page that you don't want the general public to go to is not security, it is wishful thinking. (To use the house analogy is like taking your private journal out of your house and posting all the pages on a bulletin board at the City Hall.)

Just because another page that links to it requires two unique strings for the link to work does not make the page behind the link secure. You need to secure your website for authenticated users, then (even if you are stupid and store your user name and password in the java script) you COULD POSSIBLY have an argument for legal action.
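
The point made in the comment above, that the page itself must refuse unauthenticated requests, shown as an added example (not part of the original comment or the site's code): a Node.js request handler that checks credentials on the server before returning the protected page. The account name, passphrase, paths and page bodies are constructed, and HTTP Basic over TLS is an assumption chosen to keep the example short.

```javascript
// Added example: the server decides who may read /agents.html.
// Every name, path and credential here is constructed for illustration.
const nodeCrypto = require('node:crypto');

// Store a random salt and an scrypt hash per user, never the password itself.
function makeUser(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

const USERS = new Map([['agent1', makeUser('constructed-sample-passphrase')]]);
// Hashed against when the user name is unknown, so both paths cost the same.
const DUMMY = makeUser('unused');

const PUBLIC_PAGES = new Map([['/index.html', '<h1>Welcome</h1>']]);
const PROTECTED_PAGES = new Map([['/agents.html', '<h1>Agent listing</h1>']]);

// Parse "Authorization: Basic base64(user:password)"; null if malformed.
function parseBasicAuth(header) {
  if (typeof header !== 'string' || !header.startsWith('Basic ')) return null;
  const decoded = Buffer.from(header.slice(6), 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

function isAuthenticated(header) {
  const creds = parseBasicAuth(header);
  if (!creds) return false;
  const record = USERS.get(creds.user) || DUMMY;
  const candidate = nodeCrypto.scryptSync(creds.password, record.salt, 32);
  // Constant-time comparison of two 32-byte hashes.
  const match = nodeCrypto.timingSafeEqual(candidate, record.hash);
  return match && USERS.has(creds.user);
}

// Pure handler: takes { path, headers } (header names lower-cased, as Node
// delivers them) and returns { status, headers, body }.
function handleRequest(req) {
  if (PUBLIC_PAGES.has(req.path)) {
    return { status: 200, headers: {}, body: PUBLIC_PAGES.get(req.path) };
  }
  if (PROTECTED_PAGES.has(req.path)) {
    if (!isAuthenticated(req.headers.authorization)) {
      // Knowing the URL is not enough: the body is never sent.
      return {
        status: 401,
        headers: { 'WWW-Authenticate': 'Basic realm="agents"' },
        body: 'Authentication required',
      };
    }
    return {
      status: 200,
      // Keep authenticated content out of shared caches and search indexes.
      headers: { 'Cache-Control': 'no-store', 'X-Robots-Tag': 'noindex' },
      body: PROTECTED_PAGES.get(req.path),
    };
  }
  return { status: 404, headers: {}, body: 'Not found' };
}

// Helper for callers and tests: build the header a browser would send.
function basicAuthHeader(user, password) {
  return 'Basic ' + Buffer.from(user + ':' + password).toString('base64');
}
```
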

Re: So You Hacked Our Site!?

2008-03-03 14:53 • by jimmy (unregistered)
180873 in reply to 180832
jpers36:
T $:
We're at 712 comments and climbing. Could this be the most popular post of all time?


This one is still well ahead, and I'm not even sure if that's the record.

Not to be a boogerhead about it, but that one is about an interview method. It's kind of subjective.

This one is a newby implementation error (I'm being nice!) by a site that (to most of us apparently) is not far shy of being strung up for their business practices. The phrase "couldn't happen to a nicer guy" comes to mind here.

Then, to top it off, somebody digged it. Brillant!

Re: So You Hacked Our Site!?

2008-03-03 15:31 • by anonymous (unregistered)
Now they've changed it to a single input box...

the script now just tacks on ".html" to whatever you type into the box and does a request for that...

I guess they couldn't afford a real web developer... so where does all of that money go then?

Re: So You Hacked Our Site!?

2008-03-03 15:43 • by Renan "C#" Sousa
180883 in reply to 180850
tamosius:
I wouldn't be much surprised if they wouldn't be safe from SQL inject attack either..

http://www.federalsuppliersguide.net/?_name=&_description=&_q1=&_q2=52&_q3=&_orderBy=name


It shows the following error in the end of the page:

Could not find images: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'exists (select 1 from dbimg_ImageAttributeValue iav where iav.a


One more WTF in the list of WTF's for that site.

Re: So You Hacked Our Site!?

2008-03-03 15:44 • by real_aardvark
180884 in reply to 180639
codemoose:
real_aardvark:
Well, this is apparently what you get when you inadvertently hit the Top Ten in digg or reddit or www.adhd.org -- a stream of repetitive crud.

Is there some way to hack digg/reddit/slash-my-wrists to downgrade the popularity of the site or article? It's worth looking into.

As an alternative, how about insisting on any commentator after the first two hundred or so actually registering. Most of these numb-nuts won't bother to jump through that hoop. Those that do might actually contribute something worthwhile in future.


You're new here aren't...oh, wait, I thought I was on /.

Well, I enjoyed that, even if the last hundred posters didn't.

Maybe we could start a club? It'd be Webby, it'd be 2.0 ... it might even feature photographs.

Now, that'd put most of these pointless swine off the idea of posting.

Re: So You Hacked Our Site!?

2008-03-03 15:49 • by real_aardvark
180885 in reply to 180660
weirdbeardmt:
I don't know which is the bigger WTF... the actual story, which although humorous is merely a "n00b" (and very common) scripting mistake or the hundreds of pretentious self-righteous tech "geniuses" spouting the same old tired gibberish ad infinitum. I'm actually embarrassed to be a part of it.

Fortunately though, the vast majority of the digg et al trolls will disappear soon enough and things round here can get back to normal.

You think?

Tell me again. What country do you live in? When do retarded adolescents grow up in that country?

Re: So You Hacked Our Site!?

2008-03-03 15:54 • by real_aardvark
180887 in reply to 180808
Anita:
I used to work for Federal Suppliers Guide, several years ago as a Graphic Artist. I have to say that I was initially skeptical of their product. Final copies are not mass produced, but rather a small-scale print run (each approx. phone book size) delivered to the select Federal Suppliers for that State/Region. Customers do have to pay to get a copy of the book (something like $100). I believe that a copy of their ad is free.

Phone calls and ads are legitimate. There were at least 4 full-time Graphic Artists to handle the workload. Designs were faxed and e-mailed to customers for approvals. They had a full time sales staff at several locations (probably 10-12 at the location that I worked). Owner/Manager is a Christian woman that seemed to treat employees with respect. Very small company, with its biggest downfall being (in my opinion) that it didn't offer employees a lunch room and that equipment/software was in need of upgrading.

Other than that, I don't believe that I would label it as a "scam" company. Just a niche product.

Think they also offered services to assist with Federal Suppliers paperwork processing - with a hefty fee if I remember correctly.

Ha-hem.

What, precisely, is the difference between "scam" and "rip-off" and/or "snake-oil sales"?

A "niche" product is something that you can't find anywhere outside that niche. Granted, it might still be any or all of the above. It might still be what you want.

This one ain't it.

Re: So You Hacked Our Site!?

2008-03-03 16:19 • by Prosthetic Lips (unregistered)
180892 in reply to 180881
anonymous:
Now they've changed it to a single input box...

the script now just tacks on ".html" to whatever you type into the box and does a request for that...

I guess they couldn't afford a real web developer... so where does all of that money go then?


PS: Don't try typing the obvious word, "procurement", into the input box. Because that is most definitely *NOT* the password (at least at 4pm EST on Monday). Who knows what it will be later.

Re: So You Hacked Our Site!?

2008-03-03 16:22 • by All your base are belong to ME! (unregistered)
So, I don't code but work in IT, mostly hardware but I LOVE this website. I got through about the first four pages of the comments, and honestly can't believe that
* This company is not fixing this blatant security issue
* Referring to people here as "hackers" when in reality true hackers would have completely DESTROYED their website, getting personal data/credit card numbers, and god knows what else

Instead of cheap/petty threats from employees from this company, they should be THANKFUL that it was found on this forum where ridicule is the worst consequence of their action (or inaction).


Re: So You Hacked Our Site!?

2008-03-03 16:38 • by Prosthetic Lips (unregistered)
180895 in reply to 180892
The management would like to inform everyone that the persons responsible for the unmarked sarcasm in the previous post have been sacked.

Why doesn't BBCode have a [sarcasm]marker[/sarcasm] for that?

Re: So You Hacked Our Site!?

2008-03-03 17:13 • by Stiggy
180901 in reply to 180881
anonymous:
Now they've changed it to a single input box...

the script now just tacks on ".html" to whatever you type into the box and does a request for that...

I guess they couldn't afford a real web developer... so where does all of that money go then?

Love their new code comments
// **** You WILL NOT get access without a valid password ****
// **** javascript:IPcatch:subject?Source_code_violator ****

ph33r m1 l337 h4xx0r 5k1llz or something lol

Re: So You Hacked Our Site!?

2008-03-03 17:20 • by Rawr (unregistered)
180902 in reply to 180697
<!--
// **** You WILL NOT get access without a valid password ****
var suffix = ".html"

// **** javascript:IPcatch:subject?Source_code_violator ****
var pass_msg = "Password: ";

function go_there() {
location.href = document.pass_form.pass.value + suffix;
}

document.write('<form name="pass_form" onSubmit="go_there();return false">'
+ pass_msg + '<input type="password" name="pass" size="20" value="">'
+ '&nbsp;<input type="button" value="Verify" onClick="go_there()"></form>');
// -->



I just felt the things I outlined in bold were, in fact, rather comical.
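
An added example, not part of the original comment: a small lint a site owner could run over their own pages to flag the two client-side patterns discussed in this thread, credentials compared in an if construct and a "password" that is only concatenated into a URL. The rule names and the first and third sample pages are constructed; the second sample reuses the script quoted above.

```javascript
// Added example: heuristic lint for login logic that runs only in the browser.
// It inspects inline <script> blocks line by line; it is not a JS parser.

function extractInlineScripts(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

// Rule ids and wording are constructed for this example.
const RULES = [
  {
    id: 'literal-credential-compare',
    why: 'form value compared with a string literal; the secret is sent to every visitor',
    re: /\.value\s*(?:===?|!==?)\s*(["'])(?:(?!\1).)*\1/,
  },
  {
    id: 'password-builds-url',
    why: 'navigation target built from a form value; the "password" is only a public URL',
    re: /location(?:\.href)?\s*=\s*[^;\n]*\.value\b/,
  },
];

// Returns one finding per (line, rule) match across all inline scripts.
function auditPage(html) {
  const findings = [];
  for (const script of extractInlineScripts(html)) {
    for (const rawLine of script.split('\n')) {
      for (const rule of RULES) {
        if (rule.re.test(rawLine)) {
          findings.push({ rule: rule.id, why: rule.why, line: rawLine.trim() });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: user name and password checked in an if construct.
const SAMPLE_LITERAL_CHECK = `
<script>
function login(form) {
  if (form.user.value == "EXAMPLE_USER" && form.pass.value == "EXAMPLE_PASS") {
    location.href = "members.html";
  }
}
</script>`;

// The script quoted in the comment above, wrapped in a <script> element.
const SAMPLE_PASSWORD_AS_URL = `
<script>
<!--
var suffix = ".html"
var pass_msg = "Password: ";
function go_there() {
location.href = document.pass_form.pass.value + suffix;
}
document.write('<form name="pass_form" onSubmit="go_there();return false">'
+ pass_msg + '<input type="password" name="pass" size="20" value="">'
+ '&nbsp;<input type="button" value="Verify" onClick="go_there()"></form>');
// -->
</script>`;

// Constructed sample: credentials are posted to the server for checking.
const SAMPLE_SERVER_SIDE = `
<form method="post" action="/login">
  <input name="user"> <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>`;
```

A clean result only means these two patterns are absent; the page still needs the server to enforce access.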

Re: So You Hacked Our Site!?

2008-03-03 17:21 • by phire (unregistered)
180903 in reply to 180892
Prosthetic Lips:

anonymous:

Now they've changed it to a single input box...

the script now just tacks on ".html" to whatever you type into the box and does a request for that...

I guess they couldn't afford a real web developer... so where does all of that money go then?


PS: Don't try typing the obvious word, "procurement", into the input box. Because that is most definitely *NOT* the password (at least at 4pm EST on Monday). Who knows what it will be later.


Na, that's an actual page. You can access it normally from the 2nd button from the right in the top bar, helpfully labeled procurement.

But, as long as someone visits the guide, and they have google toolbar installed, then google will eventually index it.

Re: So You Hacked Our Site!?

2008-03-03 17:43 • by Dave G. (unregistered)
180910 in reply to 180866
Stop spoiling our fun you joyless old bastard. Nobody cares.

Re: So You Hacked Our Site!?

2008-03-03 17:58 • by Calli Arcale (unregistered)
180911 in reply to 180808
Anita:
I used to work for Federal Suppliers Guide, several years ago as a Graphic Artist. I have to say that I was initially skeptical of their product. Final copies are not mass produced, but rather a small-scale print run (each approx. phone book size) delivered to the select Federal Suppliers for that State/Region. Customers do have to pay to get a copy of the book (something like $100). I believe that a copy of their ad is free.

Phone calls and ads are legitimate. There were at least 4 full-time Graphic Artists to handle the workload. Designs were faxed and e-mailed to customers for approvals. They had a full time sales staff at several locations (probably 10-12 at the location that I worked). Owner/Manager is a Christian woman that seemed to treat employees with respect. Very small company, with its biggest downfall being (in my opinion) that it didn't offer employees a lunch room and that equipment/software was in need of upgrading.

Other than that, I don't believe that I would label it as a "scam" company. Just a niche product.

Think they also offered services to assist with Federal Suppliers paperwork processing - with a hefty fee if I remember correctly.


The hefty fee would not surprise me in the least; while I do suspect your former employer is not, technically, a scammer (at least, not in the sense of the 419 scammers), I do suspect they can fairly be described as snake-oil salesmen. They are selling a product which is of no practical value for a high price -- and, judging by the experience relayed in the original post, using well-worn sales techniques designed to induce a person to buy without any real knowledge of what exactly they are buying. In short, it would be fair to describe it as a con-job. (Charging large amounts of money for menial copying is also a borderline con-job, BTW.) Some posters have compared it to vanity publishing and "Who's Who?" services, which charge a fee to publish your name and/or work. What they don't tell you (and what they didn't tell the original submitter) is that this information will go into a publication so obscure that it's only a step above where Arthur Dent had to go to find the "publicly displayed" notice that his house was scheduled for demolition (cf. "The Hitchhiker's Guide to the Galaxy").

Me, I'd like to compare it to services which sell lunar or Martian real-estate, or asteroids, or the rights to name stars. In all cases, they are charging customers for something which is utterly meaningless -- but which they have deliberately represented as valuable despite knowing perfectly well that it is completely worthless.

Now, such companies have often claimed that they are not con-artists, because they are in fact providing a service for a fee. But the service is so grossly different from what they persuade their customers to buy that it beggars the imagination to think how they might actually think they're doing a service to anybody. There are only two realistic options: either your former employers are deliberately misrepresenting their service, and counting on the fact that their customers are all small businesses who likely won't have the wherewithal to take them to court, or they are complete and utter morons with a grossly inflated sense of their own importance.

Actually, the javascript snippet might support the "moron" theory. But the conduct of the salesman very strongly supports the "con-artist" theory, because he went out of his way to avoid giving any real information to the prospect which would permit the prospect to fairly judge the offer. Either way, I think it is very much in the public interest to publicize this information. Customers have a right to fairly judge the quality of a proposition. If the people who posted earlier in this thread claiming to be employees actually are, then their protestations of innocence are entirely consistent with trying to prevent the public knowing just how worthless this product actually is.

And that, my friends, is the real WTF. Not the lame-O security, though that was a pretty darned good WTF. One of the best I've ever seen, made so much better by the company's attempts to "fix" the hole. The real WTF is that so many companies can get away with selling products so worthless that they must be either con-artists or the biggest incompetents in history.

Re: So You Hacked Our Site!?

2008-03-03 18:00 • by Hugues
180912 in reply to 180881
anonymous:
Now they've changed it to a single input box...

the script now just tacks on ".html" to whatever you type into the box and does a request for that...

I guess they couldn't afford a real web developer... so where does all of that money go then?

Alright, am I a nerd if I thought it was hilarious to navigate around the site using this form?

I'm pretty sure the web dude at www.federalsuppliers.com is checking this thread pretty often. If so, I thought I'd let you know the navigation on this "login" page is broken now:

<li><a href="http://www.federalsuppliers.com/federal.html">Federal R</a><a href="http://www.federalsuppliers.com/federal.html">egulations</a></li>

The style class is sticking a bar between them which makes it display as:"Federal R | egulations"

Look on the bright side.. you're getting all kinds of free QC and consulting work here. I know companies that have paid millions to have this kind of detailed site audit performed.

Re: So You Hacked Our Site!?

2008-03-03 18:00 • by Anonymous Coward (unregistered)
With their new login 'http://www.whitehouse.gov/index' as a username works. :P

Re: So You Hacked Our Site!?

2008-03-03 18:37 • by derula
180918 in reply to 180913
The new implementation is great. Also I know it was suggested by someone in the comments. So they're actually reading this ^^

Anyone guessed the new password?

Re: So You Hacked Our Site!?

2008-03-03 19:52 • by Alcari (unregistered)
Well, at least they made it marginally more secure now.
In fact, they should probably pay The Daily WTF, for solving their glaring security issue.

I just wonder how often they had to tell their "agents" about the new changes to the "security" login.

Re: So You Hacked Our Site!?

2008-03-03 20:03 • by MM (unregistered)
180926 in reply to 180328
Reality:
you should be more worried about all of the pending lawsuits from people whose information was compromised by a company that is essentially handing out access to their database to anyone with a computer and a right mouse button.
Lawsuits from people whose ADVERTISEMENTS were actually seen??? That's what's on this site - what this "security" is protecting - it's ads. It's hard to believe clients would be that upset at having their ads be seen. (The security isn't there to protect the clients. It's there to keep people from checking references and recognizing that the service is a scam. It's really sort of a shame that they may be fixing it now.)

CodeMonkey:
The fact that your company cannot splurge for basic serverside protection would lead any sane person in the contracting world to wonder what else you're too cheap to secure.
Now this, on the other hand, might be a valid concern. If someone pretends to secure a site that neither needs nor has any security, it brings into question what else they're doing that badly.