Admin
So, their site is hilarious. On http://www.federalsuppliers.com/company.html they claim at the same time: "Federal Suppliers Guide is a small business..." and "We are the oldest and largest publishing company in this industry!"
So, they're small when they want to claim to understand small businesses. But they're huge when they're claiming credibility.
Admin
zzzzzz fffxxx
Rofl
Admin
For some reason I imagine the sales rep has the voice of Phil Hartman.
Admin
Μολὼν Λαβέ.
Admin
I'm hearing Gil Gunderson (the hapless salesman) . . . "Well, if you, well ... really? Wow, Hot, hot dog! A sale!"
Admin
zzzzzz
fffxxx
But when you log in it gives a 404. Haha.
Wonder if the person who built the site got the work from the guide? Probably was the company she mentioned and they probably charged the 500,000 for the security too...
Admin
Anyone can say anything on the internet. Can you prove that what you say is true?
Responding on the forums is one of the least effective ways to get your message to the site operators.
--BK
Admin
Lucy,
Having a community of programmers like this one discover a vulnerability in your site is actually a good thing. Most of these people are non-malicious and are actually professionals in the field. Take this opportunity to fix a huge security problem and use the services of one of the many capable coders available here.
The people on this forum are entitled to their opinion about your business as well as your website's security. That's what this site is about; poking fun at IT problems throughout the industry. The entity that is your company should not take this personally, and proceed to use this as free advice that your site lacks any security measure and that you should hire someone new immediately to solve the problem.
Admin
Just changed again...
<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a UserID and Password*/
function pasuser(form) {
  if (form.id.value=="zzzzzz") {
    if (form.pass.value=="fffxxx") {
      location="http://officers.federalsuppliers.com/agents.html"
    } else {
      alert("Invalid Password")
    }
  } else {
    alert("Invalid UserID")
  }
}
//-->
</script>
Somebody should tell them that changing the password will not help as long as the password is written there...
Admin
I have NEVER posted on this site ever, despite reading it for more than a year. But I just can't let this slide.
It may be because this is the first not-anonymous-company post ever. But this is the FUNNIEST thing I have ever seen! For obvious reasons, I hope this de-evolves into a flame war. Wouldn't that be great? Looking forward to the responses on this one.
Admin
LOL wow... report him to the authorities for what? Viewing the source code to a website? Cause, um, hate to break it to you, but that's not illegal. :-P
Admin
D'you think we could get it indexed by Google?
Admin
Just a tip - if you paid a professional consulting company to put this together for you, fire 'em.
If you put it together yourself, it's time to grow up and have someone who knows what they're doing help you with your site.
Admin
Looks like the site is down - they keep changing the passwords, but they took down the main page.
Seriously Alex this story makes up for all the shit you've taken for changing the name of the site...etc. Well done!
Admin
/*This Script allows people to enter by using a form that asks for a UserID and Password*/
function pasuser(form) {
  if (form.id.value=="zzzzzz") {
    if (form.pass.value=="fffxxx") {
      location="http://officers.federalsuppliers.com/agents.html"
    } else {
      alert("Invalid Password")
    }
  } else {
    alert("Invalid UserID")
  }
}
//-->
Admin
wow... you are some bad bad hackers! Shame on you all guys.
Admin
If you and your company are TRULY who you claim to be, then you will be able to naturally rise above this.
Everything happens for a reason, and your 4 kids may just have to see daddy work a little harder, who knows, maybe you'll lose a little weight too - Now that's American!
Admin
Sir, that is the most unsecure site in the history of unsecure sites. Hire a developer.
Admin
I don't know what's funnier. That they keep changing the password, or that the SECURE page is unprotected anyway.
Although at this point I almost feel bad for them... almost.
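The two problems raised in the comments above (credentials readable in the page source, and a destination page that is served to anyone who knows its URL) are both fixed by moving the check to the server. The sketch below is an added example, not part of any post and not the site's code; `login`, `route`, `USERS`, `SESSIONS`, the account name and the password are all constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample account store: only a salted scrypt hash is kept,
// so nothing a visitor can download contains the password.
function makeRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}
const USERS = new Map([["agent1", makeRecord("constructed-sample-password")]]);
const SESSIONS = new Set(); // session ids issued by the server

// Returns a new session id on success, null on any failure.
function login(id, pass) {
  const rec = USERS.get(id);
  // Hash even for unknown users so both failure cases cost about the same.
  const salt = rec ? rec.salt : Buffer.alloc(16);
  const candidate = nodeCrypto.scryptSync(String(pass), salt, 32);
  const ok = rec !== undefined && nodeCrypto.timingSafeEqual(candidate, rec.hash);
  // One generic failure: no separate "Invalid UserID" / "Invalid Password".
  if (!ok) return null;
  const sid = nodeCrypto.randomBytes(32).toString("hex");
  SESSIONS.add(sid);
  return sid;
}

// The protected page is checked on every request, so knowing its URL
// is not enough; the session id would travel in a cookie.
function route(path, sid) {
  if (path === "/agents.html") {
    return SESSIONS.has(sid)
      ? { status: 200, body: "agents page" }
      : { status: 302, location: "/login.html" };
  }
  return { status: 404 };
}
```

In a real deployment the session id would be set as an `HttpOnly`, `Secure` cookie over HTTPS and `route` would sit behind the web server's request handler.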
Admin
Aren't all you wienies, I mean geeks, just so proud of yourselves? I guess between taking a few tokes you have nothing better to do than slam people trying to actually work for a living. While you have all day to sit around in your underwear trying to prove your superiority breaking into what amounts to other people's houses, (albeit, online houses) the rest of the world is working. It must be tough for you to justify your lives without vilifying others. I'm sure you don't even try. People who make false statements about others may find themselves at the wrong end of a lawsuit. People in glass houses shouldn't throw stones. But, don't worry, nothing could possibly happen to you. I'm sure no one could find your address. I'm sure you all operate everything in your life on the up and up and can hold up to scrutiny as well. So, just smoke another one and don't you worry about it.
Admin
It's true to say that the site wasn't protected to our standards, but also true to say that it wasn't protected to any reasonable standard. The security on that page is of a level that could be broken in moments by a reasonably intelligent 10-year-old; what you've got there is the electronic equivalent of locking the door but leaving a key under the welcome mat.
Admin
Preferably a legitimate one.
Admin
It's not hacking if you send me a document that requests a User and Password, then provides the User and Password in the very same document.
This probably isn't the first time a non-member has entered the user name and password you sent them through the web page.
Admin
oh man.
this entry fucking rocks.
this is why i read the daily WTF.
my hats are off to you.
Admin
This is so funny. The way they've been handling this situation today, I actually believe that they are inept enough that a scam does not need to be supposed to explain any of this; they trip my Hanlon's Razor.
What's even funnier is that this site (the definitive "The Real WTF") decided to ignore their own very wise anonymity policies and possibly exposed themselves to legal retaliation. Best hope they prove to be malicious, stupidity isn't illegal.
Admin
form.id.value=="zzzzzz" form.pass.value=="fffxxx"
the "agents" page is still offline. I guess they are "updating it"
Admin
Immature? How about you LEARN HOW TO CODE PROPER?!? There is NO excuse for this kind of mistake, even a first year student could have told you this was a bad idea. Don't come crying here because you don't know how to secure a webpage.
Admin
I just wanted to copy the wonderful bits of that page to here, since it will probably disappear soon:
"Salary Range 7,000 USD per year"
"GUARANTEED PRE-QUALIFIED LEADS!!"
"Benefits" [no explanation or details]
"Potential of earning $65,000-$120,000 ++"
"Manager assistance is available during entire presentation"
I can't imagine anyone not jumping at this chance . . .
Admin
It's now...
if (form.id.value=="zzzzzz") { if (form.pass.value=="fffxxx") {
I like how even though the page is 404 now, the username and password keep changing as if that was the really unsecure part.
Admin
Having worked for a small business that DID government sales I know a) image and talk is EVERYTHING and b) that shit is NOT hard. I signed up with Dun and Bradstreet and several local states. I was 18 at the time. Any monkey that passed grade school could do your job. I'm willing to put you into that category, although capitalization and a basic understanding of how computer security works would put you into the "monkeys that graduated high school" category. Our "technical knowledge" here isn't impressive; you should understand plaintext vs encryption before using ANY kind of online banking or else you're being an irresponsible user.
Admin
Now I know with whom I shall not do business in the future. Thanks TDWTF! This is exactly why every post that mentions WTFs should list the company's name. So the consumers and business owners out here in the real world know which businesses display really, really bad business practices.
Why would I want my credit card number to go into the hands of a company like this?
Stop anonymizing companies in future posts, TDWTF. Please.
Admin
Nobody accused you of scamming anyone. I think the inference is that you are selling something of very little value for waaaaayyy too much money. No one gives a sh!t how long you and your wife have worked there or how proud you are. That doesn't mean diddly when attempting to establish the value proposition of your offering. Perhaps you could make available the average ROI for advertising $ invested with your company by your clients. That would make a compelling case (in either direction).
Oh yeah, and your idea of computer security is a joke. That's what you get for buying a developer on price instead of on value, d!ckhead.
Admin
I hereby nominate this wtf for legendary status.
Admin
Yeah, get on with shooting the messenger while your dodgy little business slides down the pan. Unbelievable.
Admin
So is he still eligible?
btw, if he did call your 'customers' that haven't heard anything back: so fucking what? I would have tried to find some references on it too.
Admin
Share your name so we can all know what companies to avoid that do little to nothing for their own security.
Admin
what can you even say to someone as ignorant as this?
Hello, if you read all the comments there are people trying to help you!
Admin
LMFAO - that's awesome.
Admin
I think this is really crappy. This website in the past has changed names and not provided real URLs to a company. Maybe you don't like this guy's business, but I think it is inexcusable to post exploits to another website. Shame on daily wtf.
Admin
STFU
Admin
Seriously the best WTF ever. They really don't understand.
Admin
This is a joke right? This perceived security is analogous with leaving the keys in the lock of your front door, but throwing a plastic bag over the keys and calling it secure.
You reap what you sow, and your reputation is what it is... this post changes nothing
Admin
Dude, he just got some expensive consulting for free. He should be elated.
Admin
you aren't a very good customer then!
using:
http://www.google.com/search?q=site%3Aofficers.federalsuppliers.com&hl=en
I could use Google's cached entries and browse their fine merchandise at my leisure.
Admin
I was thinking putting the key under the mat and locking the door, but putting a sign on the door telling everyone the key is under the mat. And then being surprised when someone breaks in.
Admin
Whoops, forgot the robots.txt file.
Admin
Wow, this just wouldn't be half so funny if not for their sad attempts at "security" by changing the password in plain sight over and over, and the unbelievably naive and simple-minded comments from supposed employees of the company. Now I'm hooked.
Admin
Good news!!!!
You may be eligible for support to fix your horrible coding.....Wow! really good news....For only $1500 I can fix that for you....Whaddaya say?
702-229-3111
Admin
You think it's bad to expose an obvious scam? Shame on this catalog more like it. They're charging for a service (a LOT of money) so they are to blame.
FUCK YOU.
Admin
Then why don't you provide us with some links proving the veracity of your statements? Maybe something believable? That would be grand, thanks.