Slashdot Mirror


Microsoft Tries To Censor Bing Vulnerability

An anonymous reader writes "Microsoft's Bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft fashion, the company has responded to the author of the breaking Bing cash-back exploit with a cease & desist letter, rather than by fixing the underlying security problem. It is possible for a malicious user to create fake Bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from Bing. The original post is currently available in Bing's cache, although perhaps not for long. But no worries, the author makes it clear that the exploit should be painfully obvious to anyone who reads the Bing cash-back SDK."

4 of 275 comments

  1. Re:How does he know MS isn't doing anything else? by BrokenHalo · Score: 0, Troll

    and as a lawyer who sends C&Ds for a living...

    Wow, that's sad. That's almost like admitting to being a parking inspector...

  2. Re:Mirror by WindBourne · Score: 0, Troll

    And yet, the FBI pretty much looks the other way when companies routinely cheat ppl out of hundreds or thousands of dollars.

    --
    I prefer the "u" in honour as it seems to be missing these days.

  3. Re:And now thanks to /. and microsoft by commodore64_love · Score: 0, Troll

    >>>I fail to see how releasing this type of information is a bad thing.

    I do. Just as we trust the government to take care of us, we need to trust Microsoft to do the right thing. Microsoft's leaders and the government's leaders are honorable men whose only desire is to see us succeed as human beings.

    /end sarcasm

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall

  4. Re:And now thanks to /. and microsoft by commodore64_love · Score: 1, Troll

    >>>I placed two $1 orders on January 24th of this year, and spent another $104,000 on October 24th.

    According to our idiotic U.S. law, you are guilty of hacking a computer service. It doesn't matter that you didn't actually do it - you are presumed guilty, and it's your job to prove innocence. (Kinda similar to that guy who was falsely accused of downloading child porn - he too was presumed guilty until he could prove that it was malware that did it.)

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall