Dating site SeekingArrangement.com recently fixed a major security hole that exposed private negotiations between sugar daddies and babies.
Apparently, the security hole:
- allowed anyone to view private conversation threads between members
- made it possible for non-members to identify members
- had existed since the site started two years ago (!)
How did this happen?
According to Brian Krebs, Security Fix columnist for the Washington Post:
“[SeekingArrangement.com] contained a weakness that allowed anyone to view any conversation thread between two members of the site merely by manipulating one or two characters in the Web site’s Internet address.”
Brian Krebs also wrote:
“Worse yet, potential snoops did not need to be logged into the site to read members’ private messages. In addition, identifying the parties on either end of the transaction also was simple and could be done by non-members.”
Site owner Brandon Wade (an ex-Microsoft employee) placed part of the blame on “outside software developers” and said the site would go through more testing to close loopholes.
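The weakness described above comes down to a missing login check and a missing ownership check: the identifier in the address alone decided which thread was returned. The Python sketch below is an added example, not the site's code. The thread store, user names and function names are all constructed for illustration. It puts the unchecked lookup beside a checked one and adds an audit helper that flags any thread served to a non-participant.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Thread:
    participants: frozenset
    messages: tuple

# Constructed sample data: thread id (as it would appear in the URL) -> thread.
THREADS = {
    1001: Thread(frozenset({"alice", "bob"}), ("hi", "hello")),
    1002: Thread(frozenset({"carol", "dave"}), ("terms?", "agreed")),
}

class AccessDenied(Exception):
    """Raised for every refusal; unknown and forbidden ids look identical."""

def view_thread_vulnerable(thread_id, session_user=None):
    # The id from the URL is the only input consulted: no login, no ownership.
    thread = THREADS.get(thread_id)
    return thread.messages if thread else None

def view_thread_checked(thread_id, session_user=None):
    # 1. Authentication: an anonymous request never reaches the data.
    if session_user is None:
        raise AccessDenied("login required")
    thread = THREADS.get(thread_id)
    # 2. Authorization: the caller must be one of the two participants.
    #    A nonexistent id gets the same answer, so ids cannot be enumerated.
    if thread is None or session_user not in thread.participants:
        raise AccessDenied("not found")
    return thread.messages

def audit(view, thread_ids, users):
    """Regression check: list (user, thread_id) pairs where `view`
    returned messages to someone who is not a participant."""
    leaks = []
    for tid in thread_ids:
        for user in users:
            try:
                data = view(tid, user)
            except AccessDenied:
                continue
            if data is not None and user not in THREADS[tid].participants:
                leaks.append((user, tid))
    return leaks
```

Running `audit` with `None` (an anonymous visitor) and one real member across every thread id is a cheap test to keep in the suite, so a later code change cannot silently remove either check.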
Source:
Move Over, Client #9 (http://voices.washingtonpost.com/securityfix/2009/01/move_over_client_9.html)
Internal Resources:
SeekingArrangement.com (http://www.giveyourhandabreak.com/sites/seekingarrangement/)
External Resources:
SeekingArrangement.com Website (http://seekingarrangement.com/)
Security Fix Blog (http://blog.washingtonpost.com/securityfix/)
About Security Fix (http://blog.washingtonpost.com/securityfix/2005/03/about_this_blog_1.html)