Yellow Laserglow Laser - $1.00

[simplysped]

Great -- I'm so glad we have a hacker here ---
Another example of why soceity in general is in the dumps.

Mike

Wait... why is hacking a bad thing all of a sudden? I remember back in the day of packetstormsecurity and hackthissite, it was a skill that didn't come without a lot of hard work. And heck it was fun.

I'm not a "hacker", but i know the basic method of finding vulnerabilities. This is a must since I work with web programs all day.

I'm sick and tired of all of this social stigma around Grey area stuff that doesn't hurt anyone. Did someone in this thread scam laserglow out of money via "hacking"? Am I missing something?

 

[pseudolobster]

simplysped2, hevnsnt: I'll warn you ahead of time...
It's best not to bother trying to correct Senkat... If you look at old threads, historically you'll see that Greg sometimes hits the nail on the head, other times he's way off base, and in either situation he's fiercely devoted to his opinions. Completely unwavering in his stance, arguing with him is like arguing with a brick wall.

 

[Glaserfan]

Completely unwavering in his stance, arguing with him is like arguing with a brick wall.

Truer words have never been spoken... trust me. :-/.. Please don't bother arguing with him, as I and many others on here have enjoyed the peace around here lately.

I see the point of this thread, and the point here is not to rip off anyone, just (at first) a joke.. Now it has turned into an informational and possibly helpful thread to those with "shop-sites" who might need to tighten up their security a bit. Having a "Hacker" share his input is actually a good thing if you think about it...

 

[Bionic-Badger]

Justin - good on you to check every order - posts/threads like this, whether made in jest or not really show the level of depravity that exists around the world - I could go on and on (not that anyone would answer in any way, other than a pitiful attempt at a slam) but won't - the bottom line to all that may be reading this thread is thus : Be honest in your dealings with business people, or accept the consequences of your actions, period.  People that modify code on websites to their advantage, are the same type of people that would cross the street rather than assist someone in need of their help.  Folks like that, are the same people that snag cash from collection plates in churches, or withdraw from the salvation army kettle outside of shopping centers at Christmas time - you sicken me.
Now - this last part is addressed to any and all that cannot comprehend this post - stop being stupid, and leave honest people alone with your dirty little tricks - it really won't help you out in the long run.  In short, GROW UP.

Greg, what exactly was the point of this rant? So you don't like hackers. That's great. However, a mere dislike and a torrent of useless insults aren't going to prevent people from taking advantage of exploits in a system that they have no concern about. Preventative measures, in the form of good security practices, will.

So yes, be honest, but also don't be naive or you're going to get burned.

 

[Justin]

I don't check every order because of this exploit or problems with our cart, I check because it is good business practice to know who is ordering what. In fact, the only two times this exploit has been used are by two people from this forum who obviously read this thread and wanted to try for themselves, so if this thread did not exist it would appear that these two attempts would not have happened at all. Mostly I check for credit card fraud or custom orders that need extra attention, but now that this URL has been publicly posted and abused we may need to change our system to lock it out.

I can easily go into a store with an exacto knife, cut the UPC off of one item and stick it to another to lower the price. If the cashier doesn't notice this the store loses money, so whose fault is that? The cashier, the store, or the person that was willfully dishonest? Yes, our system has a loophole. No, it does not impact security, it just allows for manipulation of your cart contents. And yes, if you use this to your advantage you are being dishonest and you're a bad person. Case closed.

 

[charliebruce]

But when ZenCart is free, easy to set up,  manageable, secure and very customisable, why is it not worth switching (apart from if your server doesn't support it)? There's always the off-chance someone may shift a decimal point, and you don't notice, and lose hundreds of dollars on an order. Just because doing it makes someone a "bad person", doesn't mean you're not going to lose your money to them - yes, they do exist, and yes, they're on the internet - are keyloggers and spyware not proof of this? On the other hand, as long as you check the orders very carefully for obvious modification, and people's confidential information is sent through HTTPS to a secured location, then there's no real risk to either parties, and the people who think that it'd work in most circumstances are idiots.

Edit: Didn't read the dates :-[

 

[Hemlock_Mike]

This is another example of members with too much time and no responsibility. Trying to screw up a vendor's system costs us all more money.

STOP IT We at LFP are above this crap.

Mike

 

[simplysped]

And yes, if you use this to your advantage you are being dishonest and you're a bad person. Case closed.

Your statement is obvious and unrelated. Was anyone here trying to use this to their advantage or trying to scam you? I sure as hell wasn't.

This is another example of members with too much time and no responsibility. Trying to screw up a vendor's system costs us all more money.

STOP IT We at LFP are above this crap.

Mike

Uhg! What am I missing? How can you be this arrogant about this issue? Who here is trying to screw up this guys "system"? Look, there is a hole here, something needs to be put here so people don't scam. It's not like we are trying to maliciously do this, but poking publicly at a broken system to bring attention to an issue isn't wrong.

The problem is with your software dude! Why do you think stores have those alarms at the doors? Why do they have mirrors and cameras to make sure people don't slip things into their pockets? It's ignorant to just not fix these problems and just say "goddarn hackers" and blame the honest people in this thread who were doing NO harm. Stores install these security devices before people use exploits, and guess what, the solution needed to fix your problem doesn't cost more then a better free checkout system script and few hours of a knowledgeable "HAXOR KIDZ" time.

I just see a bunch of old geezers who would rather be lazy and point fingers than to reach out for help and work to have a secure site.

inb4-rep :-X

 

[SenKat_Stonetek]

Goog God, people - just because ANOTHER moron posts in a dead thread, doesn't mean you need to reply ! All of the little Haxor Kidz are going to sneak around, and play their little games regardless of what any "Old Geezer" says - which is why I made a comment, then left this idiotic thread alone. Mr. Sped - as others post warnings regarding other folks on here, and what not to say to them - I REALLY would think (if you are capable) about a pitiful attempt of hammering Hemlock Mike prior to doing so. He has contributed more knowledge and information to this forum, and this hobby than I have EVER seen out of you, so to phrase it properly so your simple little mind can handle it, SHUT UP. Got it ?

Oh - and HAPPY NEW YEARS TO ALL !

 

[Bionic-Badger]

I wish c0ldshadow would properly moderate the forum so that certain immature members wouldn't be allowed to launch personal attacks on other members. It seems to be a chronic problem with certain members, and I hope we don't see a repeat of the rampant trolling that occured a few months ago.

 

[MarioMaster]

I wish c0ldshadow would properly moderate the forum so that certain immature members wouldn't be allowed to launch personal attacks on other members. It seems to be a chronic problem with certain members, and I hope we don't see a repeat of the rampant trolling that occured a few months ago.

Agreed. This isn't a "hack" this is a blatant security hole that comes from either lazy or outdated web programming. I have voiced my opinion on this as well as other members. Nothing has been done and now there has only been trolling and flaming added to the mix.

 

[Hemlock_Mike]

Guys -- If you find a "hole", PM the guy and help him. Don't post it for all to see and play with.

Please.

Mike