Forgot your password?

typodupeerror

Microsoft threatens exposer of bing-cashback flaw

Submitted by Anonymous Coward
An anonymous reader writes "Bountii.com recently posted information on a flaw in bing's cash-back system. It is trivial for individuals to fake cash-back requests to bing. A further concern is that these illegitimate cash-back requests can block out legitimate ones in the future as each order ID is tied to a maximum of one-cash back request, and with sequential order IDs it would be easy to claim all future orders. Rather than do the reasonable thing, of fixing the security flaw, Microsoft fired back with a nasty gram from its lawyers, demanding that bountii remove the information. And while bountii has complied with Microsoft's request, the flaw is should be readily apparent to anyone reading the bing cashback sdk. Perhaps one day Microsoft will learn that the approriate response to security issues isn't lawyers and threats, its programmers and patches."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft threatens exposer of bing-cashback flaw

Comments Filter:

This here's the wattle, The emblem of our land. You can stick it in a bottle; You can hold it in your hand. Amen! -- Monty Python

Working...