Submitted by Anonymous Coward on Saturday November 07, @03:48PM
An anonymous reader writes "Bountii.com recently posted information on a flaw in Bing's cash-back system. It is trivial for individuals to fake cash-back requests to Bing. A further concern is that these illegitimate cash-back requests can block out legitimate ones in the future, as each order ID is tied to a maximum of one cash-back request, and with sequential order IDs it would be easy to claim all future orders. Rather than do the reasonable thing of fixing the security flaw, Microsoft fired back with a nastygram from its lawyers, demanding that Bountii remove the information. And while Bountii has complied with Microsoft's request, the flaw should be readily apparent to anyone reading the Bing cashback SDK. Perhaps one day Microsoft will learn that the appropriate response to security issues isn't lawyers and threats, it's programmers and patches."
Microsoft threatens exposer of bing-cashback flaw