Microsoft threatens exposer of bing-cashback flaw
Submitted by Anonymous Coward
An anonymous reader writes "Bountii.com recently posted information on a flaw in Bing's cash-back system. It is trivial for individuals to fake cash-back requests to Bing. A further concern is that these illegitimate cash-back requests can block out legitimate ones in the future, as each order ID is tied to a maximum of one cash-back request, and with sequential order IDs it would be easy to claim all future orders. Rather than do the reasonable thing of fixing the security flaw, Microsoft fired back with a nastygram from its lawyers, demanding that Bountii remove the information. And while Bountii has complied with Microsoft's request, the flaw should be readily apparent to anyone reading the Bing cashback SDK. Perhaps one day Microsoft will learn that the appropriate response to security issues isn't lawyers and threats, it's programmers and patches."