Slashdot Banner
Stories
Slash Boxes
Comments
typodupeerror delete not in

+-   Microsoft threatens exposer of bing-cashback flaw on Saturday November 07, @03:48PM Anonymous Coward

Submitted by Anonymous Coward on Saturday November 07, @03:48PM
An anonymous reader writes "Bountii.com recently posted information on a flaw in bing's cash-back system. It is trivial for individuals to fake cash-back requests to bing. A further concern is that these illegitimate cash-back requests can block out legitimate ones in the future as each order ID is tied to a maximum of one-cash back request, and with sequential order IDs it would be easy to claim all future orders. Rather than do the reasonable thing, of fixing the security flaw, Microsoft fired back with a nasty gram from its lawyers, demanding that bountii remove the information. And while bountii has complied with Microsoft's request, the flaw is should be readily apparent to anyone reading the bing cashback sdk. Perhaps one day Microsoft will learn that the approriate response to security issues isn't lawyers and threats, its programmers and patches."
submission

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More
Loading... please wait.
You teach best what you most need to learn.