Indeed. It's a shame that only 2% of the senate is willing to stand up against this gross violation of transparency and democratic principles. Good luck to Bernie Sanders and Sherrod Brown and anyone else who might join them.
It seems similar to some takedown notice cases we see. Guy puts up infringing thing on his website. Company asks nicely for him to take it down, even though the infringement was already committed. Guy doesn't take it down. Then the company sues him.
So stealing 25 cents from every single person in the US is acceptable? Just because your crimes aren't noticeable to each individual victim doesn't mean that the damage doesn't add up on a national scale.
These are overused clichés and because of them 90% of books are essentially the same book with character and place names search-and-replaced. Calling them "essential" just exposes how little you know, and makes you look like someone who never thinks outside the box. Go back to consuming stories, and don't try to talk up to people who know more than you. Thanks, bye!
It's funny how if it wasn't taken down I probably wouldn't even have read it, but since it was I actively sought it out, wasting an entire 5 minutes of my valuable time, and then read it over and posted it to some other places since it's a good article and I wouldn't want to see it disappear off the internet. Will they even learn?
And here's the offending message (it doesn't even reveal much):
I’ve never bought anything using Bing Cashback, but the balance of my account is $2080.06. Apparently, I placed two $1 orders on January 24th of this year, and spent another $104,000 on October 24th. Let’s see how these transactions might have “accidentally” got credited to my account.
First, we need to try to figure out how transactions get into Bing Cashback. Microsoft posted some documentation here. The explanation of how a merchant reports transactions to Bing starts on page 20. Merchants have a few options for reporting, but Bing suggests using a tracking pixel. Basically, the merchant adds a tracking pixel to their order confirmation page, which will report the the transaction details back to Bing. The request for the tracking pixel looks something like this: https://ssl.search.live.com/cashback/pixel/index? jftid=0&jfoid=<orderid>&jfmid=<merchantid>
&m[0]=<itemid>&p[0]=<price>&q[0]=<quantity> This implementation, while easy for the merchant, has an obvious flaw. Anyone can simulate the tracking pixel requests, and post fake transactions to Bing. I’m not going to explain exactly how to generate the fake requests so that they actually post, but it’s not complicated. Bing doesn’t seem to be able to detect these fake transactions, at least not right away. The six cents I earned in January have “cleared,” and I’m guessing the remaining $2080 will clear on schedule, unless there is some manual intervention. Even if Bing detects these fake transactions at some point in the future, the current implementation might have another interesting side effect. I haven’t done enough work to say it with confidence, but a malicious user might be able to block another user’s legitimate purchases from being reported correctly by Bing (I only tried this once, but it seemed to work). Posting a transaction to Bing requires sending them an order ID in the request. Bing performs a reasonable sanity check on the order ID, and will not post a transaction that repeats a previously reported order ID. When a store uses predictable order ID’s (e.g. sequential), a malicious user can “use up” all the future order ID’s, and cause legitimate transactions to be ignored. Reporting would be effectively down for days, causing a customer service nightmare for both Bing and the merchant. Based on what I’ve found, I wouldn’t implement Bing Cashback if I were a merchant. And, as an end user and bargain hunter, it does not seem smart to rely on Bing Cashback for savings. In our next blog post, I’ll demonstrate some other subtle but important reasons to avoid using Bing Cashback.
Slashdot Mirror
the rules can't be that draconian
Of course, dragons are perfectly happy with delicious ducks being on there.
You could always download a static version.
You must be new he... UID 891430... wait what?
How do we know the guy is still alive?
Why do games have to be 3D? I've programmed fairly complex 2D games just fine.
"We got more senators than that"
Indeed. It's a shame that only 2% of the senate is willing to stand up against this gross violation of transparency and democratic principles. Good luck to Bernie Sanders and Sherrod Brown and anyone else who might join them.
IE = Internet Exploder. So an IE flaw would constitute IE not exploding the internet (ie. working as it should). So far the record is spotless.
I agree, that is excessive. BTW, do you use vim or emacs? I want to know whether or not I should call the hit.
That's like saying "wouldn't be a robber if there were no banks around".
It seems similar to some takedown notice cases we see. Guy puts up infringing thing on his website. Company asks nicely for him to take it down, even though the infringement was already committed. Guy doesn't take it down. Then the company sues him.
The 1st amendment doesn't protect your right to say some things, but this is about NOT saying something. Completely different problem.
So stealing 25 cents from every single person in the US is acceptable? Just because your crimes aren't noticeable to each individual victim doesn't mean that the damage doesn't add up on a national scale.
These are overused clichés and because of them 90% of books are essentially the same book with character and place names search-and-replaced. Calling them "essential" just exposes how little you know, and makes you look like someone who never thinks outside the box. Go back to consuming stories, and don't try to talk up to people who know more than you. Thanks, bye!
Never gonna C-C-C-break your combos
So because this vulnerability is closed now it was closed when the article was written? Do you really think Microsoft hasn't fixed it by now?
This would be extremely effective in making touchscreen interfaces usable for the blind.
Mod parent up. I ran that script and my kernel's memory usage has reduced by 50%.
Last writes? You're going to die and all you care about is your filesystem?
Don't you mean
sudo rm -rf /
This responses posted you zing voice wreck ignition software.
It's funny how if it wasn't taken down I probably wouldn't even have read it, but since it was I actively sought it out, wasting an entire 5 minutes of my valuable time, and then read it over and posted it to some other places since it's a good article and I wouldn't want to see it disappear off the internet. Will they even learn?
I missed this but ’ is Slashdot speak for the apostrophe.
And here's the offending message (it doesn't even reveal much):
I’ve never bought anything using Bing Cashback, but the balance of my account is $2080.06. Apparently, I placed two $1 orders on January 24th of this year, and spent another $104,000 on October 24th. Let’s see how these transactions might have “accidentally” got credited to my account.
First, we need to try to figure out how transactions get into Bing Cashback. Microsoft posted some documentation here. The explanation of how a merchant reports transactions to Bing starts on page 20. Merchants have a few options for reporting, but Bing suggests using a tracking pixel. Basically, the merchant adds a tracking pixel to their order confirmation page, which will report the the transaction details back to Bing. The request for the tracking pixel looks something like this:
https://ssl.search.live.com/cashback/pixel/index?
jftid=0&jfoid=<orderid>&jfmid=<merchantid>
&m[0]=<itemid>&p[0]=<price>&q[0]=<quantity>
This implementation, while easy for the merchant, has an obvious flaw. Anyone can simulate the tracking pixel requests, and post fake transactions to Bing. I’m not going to explain exactly how to generate the fake requests so that they actually post, but it’s not complicated. Bing doesn’t seem to be able to detect these fake transactions, at least not right away. The six cents I earned in January have “cleared,” and I’m guessing the remaining $2080 will clear on schedule, unless there is some manual intervention.
Even if Bing detects these fake transactions at some point in the future, the current implementation might have another interesting side effect. I haven’t done enough work to say it with confidence, but a malicious user might be able to block another user’s legitimate purchases from being reported correctly by Bing (I only tried this once, but it seemed to work). Posting a transaction to Bing requires sending them an order ID in the request. Bing performs a reasonable sanity check on the order ID, and will not post a transaction that repeats a previously reported order ID. When a store uses predictable order ID’s (e.g. sequential), a malicious user can “use up” all the future order ID’s, and cause legitimate transactions to be ignored. Reporting would be effectively down for days, causing a customer service nightmare for both Bing and the merchant.
Based on what I’ve found, I wouldn’t implement Bing Cashback if I were a merchant. And, as an end user and bargain hunter, it does not seem smart to rely on Bing Cashback for savings. In our next blog post, I’ll demonstrate some other subtle but important reasons to avoid using Bing Cashback.
Chinese is an accepted blanket term for the dialects in that country. See http://en.wikipedia.org/wiki/Chinese_language
You'd have to be a really strange person
How charming of you.