Admin
So you guys make fun of the site's security. But you couldn't leave it at that. You left your programming world and entered into slandering the business.
You make mention of contacting the customers and class action lawsuits. Shame on you!
Admin
Right now, I'm at work, making an honest living by doing what whoever wrote that login couldn't. As someone mentioned above, many of us who visit this site are indeed professionals in the field. Please take the time to actually read what we "hackers" are telling you people, and hire someone half competent to fix your little problem. While you may or may not be a scam (though personally I think you guys are), you should probably focus on fixing the problem on your end rather than come here and dish out empty threats.
Admin
Take it from a hard-working, decently-paid, stone-cold-sober software developer for one large and very-well-known company... this shit is frickin' hilarious.
Well done Alex - I've been waiting for a good old-fashioned belly laugh from TDWTF for quite a while.
Admin
Don't forget, the internet is Serious Business.
Admin
I think so too.
Fortunately that didn't happen in this case, since no informed person on the planet would consider selecting View Source off of the browser's menu to be an "exploit".
Admin
My god woman, get a clue already. You have a hole. A giant one. There isn't even a front door at this point: someone drove an SUV through that shit when they got paid to create this website. If anything, I'd be talking to the people you guys paid to create your website, not us.
FOR THE WIIIN
Professional Security Services Inc 05/07 4276 North 900 East Buhl ... Professional Security Services Inc 05/07 4276 North 900 East Buhl, ID 83316 Telephone: (208) 543-2803 Fax: (208) 543-2803 Email: [email protected] ... officers.federalsuppliers.com/s/s_id.htm - 5k - Cached - Similar pages - Note this is from GOOGLE.
Admin
HOW DID THEY GET MY PASSWORD?
Admin
Dear Sir, You should be grateful!! really! you just hit reddit front page, put some google ads and make some money.
Admin
Googling for "Federal Suppliers Guide" shows some fairly mixed reviews.
Apparently FSG is a "subsidy publisher" (aka "vanity publisher"), among other things
http://www.macraesbluebook.com/search/company.cfm?company=535243
out of New Port Richey, Florida.
Some of the comments on various boards I sampled indicate positive results but given that the comments are anonymous, who can tell?
Admin
You're missing the point. This website (dailywtf) has, in the past, changed names (usually the submitter and who they work for) in order to differentiate themselves from a script kiddy website. From the story above, it was not obvious to me that they were scammers. It seems to me that they perhaps don't offer a particularly useful service and it is overpriced, but this isn't like a Nigerian 419 scam. My whole point is in the past, dailywtf has preserved anonymity of the parties involved. I know that hasn't stopped some enterprising googlers from figuring it out on their own.
So what is it now, we only anonymize if we like you? If you're not an idiot?
I read this website b/c I enjoy stories about mistakes people have made...not because I want to join a gang of internet thugs.
When you cross the line from posting stories about failures in software development to pointing your readers at exploitable websites (no matter how easily), in my mind, you've moved from being a journalistic site to a gang of vigilantes and thugs.
If you disagree with me, that's fine...but don't delude yourself w/ some righteous argument about the security of client-side javascript.
-dave
Admin
Aren't all you wienies, I mean geeks, just so proud of yourselves? I guess between taking a few tokes you have nothing better to do than slam people trying to actually work for a living. While you have all day to sit around in your underwear trying to prove your superiority breaking into what amounts to other people's houses, (albeit, online houses) the rest of the world is working. It must be tough for you to justify your lives without vilifying others. I'm sure you don't even try. People who make false statements about others may find themselves at the wrong end of a lawsuit. People in glass houses shouldn't throw stones. But, don't worry, nothing could possibly happen to you. I'm sure no one could find your address. I'm sure you all operate everything in your life on the up and up and can hold up to scrutiny as well. So, just smoke another one and don't you worry about it.
The business is located in Palm Harbor, FL. That's 11 miles from Scientology HQ, Clearwater, FL. The above comments are textbook examples of a Scientologist "debate" technique called Bullbaiting.
I guarantee half of this company's employees are Scientologists.
Admin
Jeeze... this response looks like it was written by a 5 year old. Ever heard of capitalization or punctuation? And you have FOUR kids???? Gawd help them if they are as ignorant as you are.
Admin
Great wtf!
You gotta love how "CUSTOMER SUPPORT" starts this highly unprofessional rant about their family life and how they would qualify for immunity from criticism, then their other "employees" start coming in talking trash.
I would definitely do business with them. These people seem so legit and professional! Unlike all the posters here, of course. But maybe that's due to my being stoned CONSTANTLY.
Admin
Punctuation. Is. Cool.
Admin
I wouldn't worry about it too much. Plenty of idiots are hired by the federal government.
That's pretty much what they do - hire idiots.
Congrats on perpetuating the failures of our bureaucracy!
Admin
But how else could I write this code? How can you secure a webpage without posting the username and password on the page? http://www.fuckinggoogleit.com/ <-- go here to figure out how to secure your webpage.
and if you cared about your job and your clients you would fix this and thank the kind man for pointing this out.
Admin
site:officers.federalsuppliers.com in google will give you the contents anyway, by the looks of the results.
Admin
Domain: federalsuppliers.com Registration provider: MateMedia, Inc.
Registrant Jim Sprecher Jim Sprecher ***@countrysidepublishing.com PO Box 1735 Oldsmar, FL 34677 US +1.8139250195 (FAX)
Administrative Countryside Publishing Company Countryside Publishing Company Inc. ***@countrysidepublishing.com 3135 SR 580 Suite 6 Safety Harbor, FL 34695 US +1.7277263400 (FAX)
Billing Countryside Publishing Company Countryside Publishing Company Inc. ***@countrysidepublishing.com 3135 SR 580 Suite 6 Safety Harbor, FL 34695 US +1.7277263400 (FAX)
Technical Countryside Publishing Company Countryside Publishing Company Inc. ***@countrysidepublishing.com 3135 SR 580 Suite 6 Safety Harbor, FL 34695 US +1.7277263400 (FAX)
Admin
Looks like you guys are making them mad! Now quit all your 1337 computer hacking skills and get back to doing real work. What you are doing is akin to Nigerian 911 scamming, and it WILL be reported to the authorities... because after all, they say RIGHT ON THEIR WEBSITE that they can make you lots of money by using their service, so it must be true.
Admin
"Bullbaiting"? What, L. Ron Hubbard couldn't spell "ad hominem attack"?
Admin
ok Annaleemac ... the point of the site is to be an elitist programmer snob
at the expense of poorly programmed examples
I'm sure no one here denies it
Admin
What is the point of posting this?
Admin
Ya, there is no responsibility to your customers and clients to have their information secure. It's ok to arbitrarily set a price for a service with no expectation of protecting their information, privacy or security. It is everyone else's fault that you created a shitty product and the proper authorities need to know that people are going out of their way to prevent other people from investing in your scam... err.. lack of investment in securing their information. That is obvious slander and your kids should hate them for that.
Admin
I'm not missing the point. While in general I would agree with you, I'm taking into account the actual loss that this particular company is suffering, which is "none", so . . . how exactly am I a thug? There's no product to steal, no source code to download, nothing to reverse-engineer, just a list of their clients which they left wide open and has already been cataloged by Google. No damage. They took themselves offline, not hackers. If they did it because they were suddenly worried about their files being copied, well, it's a little late for that. Who knows how long those files have been viewed by people who did not log in? Odds are that they don't even keep logfiles for very long (if at all) so they probably can't even answer that question.
Where is the damage?
Admin
Don't blame them for insecure code, it's not even original code. This site http://www.2createawebsite.com/enhance/password-protect.html offers a familiar looking free script to protect your site:
<script>
<!--//
/*This Script allows people to enter by using a form that asks for a UserID and Password*/
function pasuser(form) {
  if (form.id.value=="userID") {
    if (form.pass.value=="password") {
      location="page2.html"
    } else {
      alert("Invalid Password")
    }
  } else {
    alert("Invalid UserID")
  }
}
//-->
</script>
Admin
You sir deserve a pink slip.
Admin
Provided this site is legit, and wants to improve, then I am prepared to offer my consulting services for a nominal fee to A) Redesign their website to make it decent looking, and B) Add some real security and features, not a bunch of hard-coded vaporware. I am located in the Tampa Bay area - if this place is in Palm Harbor, that is only about 20 minutes from where I live. I would not mind assisting a business that is just, to be blunt, ignorant of what needs to be done.
I'd say about $5,000 for a redesign, some logo branding, and some development sounds about right.
Admin
WHATS THE MATTER WITH TRAILERPARKS?
Admin
they do this in our neck of the woods too (Scotland) - dirty swine - and they're always Liverpudlian, yet claim to work for the local police department, or fire service, or teenage boys in trouble, "You do want to help the kids now don't you"
Admin
It's not "hacking" if you have the username and password out in the open for everyone to see.
Admin
I just can't believe someone working in that environment for ten years would execute such basic grammatical errors.
Admin
You really, really, need to hire a web professional since clearly whoever is "helping" you now doesn't understand web security in any professional way.
Just to be clear, you haven't been hacked. Your website is actually publishing the user name and password for anyone who can find the "view source" command available in every browser.
I've never heard of your company and have no reason to think that you're not legitimate. You will need to either educate your web developer or find someone who can secure your site for you. It's not terribly hard, but the method you're currently using is, obviously, not secure.
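
Added example, not part of any comment in this thread and not the site's own code: the login check discussed above moved to the server, in Node.js, so that neither the credentials nor the protected page reach a browser that has not logged in. The account name, passphrase and function names are constructed for illustration; the page itself shows only the client-side script.

```javascript
const crypto = require('node:crypto');

// Store only a random salt and a derived hash, never the plaintext password.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed sample account store (assumption: a real site would use a database).
const users = new Map([['alice', makeRecord('constructed-sample-passphrase')]]);
// Dummy record so an unknown user ID costs the same work as a known one.
const dummy = makeRecord(crypto.randomBytes(16).toString('hex'));

function verifyLogin(userId, password) {
  const record = users.get(userId) || dummy;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  // Constant-time comparison of the derived hashes.
  const match = crypto.timingSafeEqual(candidate, record.hash);
  return match && users.has(userId);
}

// Server-side session table: token -> user ID.
const sessions = new Map();

function login(userId, password) {
  // One generic failure, unlike the script's separate
  // "Invalid UserID" / "Invalid Password" alerts.
  if (!verifyLogin(userId, password)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, userId);
  return token;
}

function getProtectedPage(token) {
  // The member page is returned only for a valid session, so knowing its
  // URL ("page2.html" in the script) or finding it in a search index is not enough.
  if (!sessions.has(token)) return { status: 401, body: 'Login required' };
  return { status: 200, body: `Member page for ${sessions.get(token)}` };
}
```
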
Admin
To be fair, the webpage includes this:
Free Password Protection Script
Warning: This script is not totally secure and the password can be seen if someone views your source code.
Admin
They've given up on passwords and removed all but their front page.
It's a shame that Google's cached the lot!
http://www.google.co.uk/search?q=site:officers.federalsuppliers.com
Admin
I'm awfully sorry for the operators of the site. They didn't expect the drubbing they're taking.
But Dang! I have to print this out, put it on a wooden table, take a picture, print it, scan it, and call it Brilliant!
Brilliant!
Admin
That's hilarious! When I first started reading this post, I thought it might have actually been written by someone at FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT.
Excellent trolling!
Admin
I guarantee you that 99% of the people posting here are like me...people who have a well-paying job and gasp also have access to the internet while they're at work. And most of them probably make a lot more money than you do, despite being very young.
But if it helps you sleep at night, then tell yourself that we're all a bunch of drugged out losers. Just remember that we're laughing at you, and not with you.
Admin
We have left them no choice but to summon BALTRON!
Admin
Did you mention to your clients that you left their personal information on an unsecured server that any kid with a web browser would be able to view? I don't think they'd be very happy with you. Welcome to the internet.
Admin
I honestly find it hard to believe that if you've been working with secure apps for 10 years that you can't do a bit better with your security. If all someone has to do is look at the source code to find out how to "hack" your site it really doesn't give you much credibility. I'm fresh outta' college with no professional experience in web security but I still know how to build something that can't be "hacked" with such ease.
Admin
Seems like google has removed the actual pages from the cache.
Admin
Code is still there as above but the login is broken. Silly 12 year olds making websites....
Admin
Ah, this warms the cockles of my tiny black heart.
Admin
The Lulz! TEH LULZ!
Dear FEDERAL SUPPLIERS GUIDE CUSTOMER SUPPORT:
It would be interesting to see you prove in a court of law that Right-Click -> View Source is hacking. How much did you pay your web designer to come up with that one?
Keep changing the password, though. That'll definitely keep unauthorized people out.
DIAF, J
Admin
As much as I sympathise with you having found your company in such a poor situation, poor security - or, in this case, IGNORANCE - is no excuse.
When your insurance company asks all those important questions that help it decide whether or not to willingly assist you in need, your ignorance will not help you.
The information you hold is useless to me however the transparency with which it is visible is akin to building a bank with an alley-way entrance where the single door made of paper mache by kids in a mental institution leads directly into your vault from behind.
In this case an inquisitive visitor has punished your company for its incompetence. Whether or not you do a good job is not being looked at. It's whether or not the management made a good choice in choosing a web developer for their site. And a disastrous choice it was.
Such incompetence, unfortunate as it may be, cannot go unpunished.
Admin
So what you're saying is that there has to be tangible monetary losses in order for them to be anonymous? The whole google cache argument is somewhat irrelevant. In my mind, dailywtf should have edited the article to present the story (which is why I read the site) and leave the involved parties out and anonymous. There should be no pick and choose between whether they think people will get hurt, whether money will be lost. Pick the purpose of this site: Is it to be entertained by the folly of people in the industry? Or is it to harass less knowledgeable people in our field? I want no part of any site that delights in the harm of others. That was the best thing about entering the white collar workforce. I can't remember the last time somebody publicly shamed me for the fun of it when I made a mistake. The last time I saw that kind of behavior was in public high school.
-dave