Slashdot Mirror


Microsoft Tries To Censor Bing Vulnerability

An anonymous reader writes "Microsoft's Bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking Bing cash-back exploit with a cease & desist letter, rather than by fixing the underlying security problem. It is possible for a malicious user to create fake Bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from Bing. The original post is currently available in Bing's cache, although perhaps not for long. But no worries, the author makes it clear that the exploit should be painfully obvious to anyone who reads the Bing cash-back SDK."

9 of 275 comments

  1. Re:And now thanks to /. and microsoft by u38cg · · Score: 5, Funny
    That seems pretty unlikely to me.

    ~Barbara

    --
    [FUCK BETA]
  2. Re:Mirror by TheWizardTim · · Score: 5, Funny

    Another fun trick was to take a $1 and a $20 and cut them both in half. Then tape half of the $1 and the $20 to make two $21 dollar bills. Silly I know, but if you put them in a change machine, it would look for the numbers in the corners, it would read a 20 then a 1 and then give you $21 in change. You then took the other part and got $21 in change as well. Quick way to double your money. Now the machines check to make sure that all four numbers on the corners match up.

  3. Re:How does he know MS isn't doing anything else? by Anonymous Coward · · Score: 3, Funny

    Uh? Cash back is negative income for Microsoft, and as a lawyer who sends C&Ds for a living, I am offended by the fact that you call that "doing nothing".

  4. Re:And now thanks to /. and microsoft by Anonymous Coward · · Score: 1, Funny

    Except, by the time it turns up on slashdot, it already is all over the rest of the internet.

    Even if bing removes it from their cache.

  5. Re:How does he know MS isn't doing anything else? by mdenham · · Score: 3, Funny

    You're right, sending C&Ds isn't doing nothing.

    It's actively producing negative work, turning productively spent time into wasted time.

    So congratulations, you're doing less than nothing!

  6. Re:Mirror by Anonymous Coward · · Score: 1, Funny

    I'd just keep the two $21 dollar bills myself. Quick way to double your money!

  7. MS Response by TheVelvetFlamebait · · Score: 2, Funny
    --
    You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
  8. Re:And now thanks to /. and microsoft by rev_g33k_101 · · Score: 5, Funny

    The results are so haphazard, it feels like their parody of google is what actually drives Bing.

    I don't know how this late in the game a search engine can be so bad.

    answer:

    Because
    It's
    Not
    Google

    It's all in the name :D

    --
    "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore."
  9. Re:And now thanks to /. and microsoft by NekSnappa · · Score: 4, Funny

    C'mon, man! This is /. so it has to be self-referencing
    Bing
    Is
    Not
    Google

    --
    I want to shoot the messenger!