Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

ForumsStartupsWheedle.co.nz: experiences, comments
View this topic in a long page with up to 500 replies per page Create new topic
Prev1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | ... | 35Next
1525 posts

Uber Geek

Subscriber
  Reply # 694794 2-Oct-2012 12:48 Send private message

gzt: Why would you? Try the forgot password link. Deleting cookies before that may help also if there are weird session issues, which there are.


Nope.
Forgot password link just re-directs to the now infamous 404 page.
Tried numerous different browsers, deleting cookies/cache etc.
Nothing works. Every time it just redirects to the 404 page.
Attempting to login with different browsers with all caches/cookies cleared exhibits the same outcome... the 404 page.

Seems like I'm just going to have to wait until Wheedle gets back to me about my issue, if they ever do.

4736 posts

Uber Geek

Trusted
Subscriber
  Reply # 694795 2-Oct-2012 12:49 Send private message

oxnsox:
BarTender: My personal favourite is:

https://www.wheedle.co.nz/

They can't even get their secure version of the site working... doesn't bode well.

The secure site page loads for me, and stays on the https site for the login page (other options take me to the standard site).  
Don't have a login (and no intention to get one yet) to proceed further.


Yup it's ok for me. 

803 posts

Ultimate Geek
  Reply # 694796 2-Oct-2012 12:51 Send private message

for a new zealand site, its bloody slow.






196 posts

Master Geek
  Reply # 694810 2-Oct-2012 13:01 Send private message

That edit price issue is pretty bad, they really need to take the site offline immediately and fix the issues

They are getting bad press now because of it,
http://www.3news.co.nz/New-auction-site-Wheedle-puts-passwords-at-risk/tabid/412/articleID/271202/Default.aspx

Awesome
3001 posts

Uber Geek

Trusted
Subscriber
  Reply # 694813 2-Oct-2012 13:12 Send private message

Aaaand it's offline again

'Wheedle is down for maintenance'




Twitter: ajobbins

Awesome
3001 posts

Uber Geek

Trusted
Subscriber
  Reply # 694814 2-Oct-2012 13:14 Send private message

Mauricio, if you manage to get in touch with them offer my services too.

I'd be happy to fly in for a 4-6 month contract gig to consult on security for them. I have a fair bit of experience in the subject from working for their competitor ;)




Twitter: ajobbins

4248 posts

Uber Geek
  Reply # 694818 2-Oct-2012 13:17 Send private message

freitasm: I just saw on Twitter one can change prices of any auction by just visiting a crafted URL.?I am not posting the URL here.

On that note, here is a warning:

DO NOT POST WHEEDLE EXPLOITS HERE. ANYONE DOING SO WILL BE BANNED ON SIGHT, NO RECOURSE.

You can list something is broken (as I did above) but do not post explicit instructions.




It's been down for maintenance most of the day I think and still down, so perhaps they are fixing these problems. I just can't understand why they didn't have a soft launch to beta test it before spending all that money on advertising. They could have even submitted a beta test link here for people to test it before going live. Fail 101 I think on all fronts.

The other thing I think they need is a phone number. Trademe has one, and I believe many people do use it, despite it being user pays. If they had an 0800 number that could be their point of difference over trademe, by providing free phone support.

BDFL
43710 posts

Uber Geek

Administrator
Trusted
Geekzone
Subscriber
  Reply # 694819 2-Oct-2012 13:17 Send private message

Somehow I think they will ignore my offer. If they do contact me be sure I'd work with an A Team...





Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blogtechnology disclosure, my tweets, Web Performance Optimization

Geekzone Price comparison | Amazon Kindle order page | How to get the best out of Geekzone | New Zealand IT Jobs | Geekzone News | Jinglebugs 

2551 posts

Uber Geek

Moderator
Trusted
Subscriber
  Reply # 694820 2-Oct-2012 13:20 Send private message

ajobbins: Aaaand it's offline again

'Wheedle is down for maintenance'


And hopefully it stays that way until they resolve the now quite large list of security issues..







Media centre PC - Case Silverstone LC16M with 2 X 80mm AcoustiFan DustPROOF, MOBO Gigabyte MA785GT-UD3H, CPU AMD X2 240 under volted, RAM 4 Gig DDR3 1033, HDD 120Gig System/512Gig data, Tuners 2 X Hauppauge HVR-3000, 1 X HVR-2200, Video Palit GT 220, Sound Realtek 886A HD (onboard), Optical LiteOn DH-401S Blue-ray using TotalMedia Theatre Power Corsair VX Series, 450W ATX PSU OS Windows 7 x64

683 posts

Ultimate Geek
  Reply # 694822 2-Oct-2012 13:26 Send private message

Not sure if this has been mentioned but they seem to have issues with host headers as well.

http://www.wheedle.co.nz - Works
http://wheedle.co.nz - 404








Awesome
3001 posts

Uber Geek

Trusted
Subscriber
  Reply # 694825 2-Oct-2012 13:30 Send private message

Nety: And hopefully it stays that way until they resolve the now quite large list of security issues..


Unfortunately I don't think there is a quick fix for some of the issues.

It sounds like their security model is fundamentally broken. If I were them, I would be putting out a press release right about now saying sorry folks, the site wasn't ready and they are going to take some time to fix it.

Then call in some experts and aim to have a relaunch in a month - with a private beta maybe a week earlier with a group of tech savvy people (Maybe Geekzone).

Having worked for their competitor for several years, and working with site security, risk, fraud and other trust and safety issues as a core part of my role, it seems that they have a long way to go in this space.

As well as basic site security they need to consider their ability to be able to detect and respond to phishing, alias (shill) bidding (or other manipulation), fraudulent users/listings, overseas scammers and the list goes on.

There is a lot that goes on behind the scenes in that marketplace that end users never see - and it would be very hard for a new company to foresee what risks they are facing. I could add a lot of value if they want to engage me.




Twitter: ajobbins

4736 posts

Uber Geek

Trusted
Subscriber
  Reply # 694832 2-Oct-2012 13:44 Send private message

ajobbins:
Nety: And hopefully it stays that way until they resolve the now quite large list of security issues..


Unfortunately I don't think there is a quick fix for some of the issues.

It sounds like their security model is fundamentally broken. If I were them, I would be putting out a press release right about now saying sorry folks, the site wasn't ready and they are going to take some time to fix it.

Then call in some experts and aim to have a relaunch in a month - with a private beta maybe a week earlier with a group of tech savvy people (Maybe Geekzone).

Having worked for their competitor for several years, and working with site security, risk, fraud and other trust and safety issues as a core part of my role, it seems that they have a long way to go in this space.

As well as basic site security they need to consider their ability to be able to detect and respond to phishing, alias (shill) bidding (or other manipulation), fraudulent users/listings, overseas scammers and the list goes on.

There is a lot that goes on behind the scenes in that marketplace that end users never see - and it would be very hard for a new company to foresee what risks they are facing. I could add a lot of value if they want to engage me.


Agreed, it's time they took the site offline with an apology and deal with the issues properly. 

Tel69
173 posts

Master Geek

Trusted
Subscriber
  Reply # 694838 2-Oct-2012 13:55 Send private message

Nety:
ajobbins: Aaaand it's offline again

'Wheedle is down for maintenance'


And hopefully it stays that way until they resolve the now quite large list of security issues..


Well one thing is certain. Their maintenance page works fine.

That's been throughly tested over the last few days.

865 posts

Ultimate Geek
  Reply # 694839 2-Oct-2012 13:57 Send private message

Looks like this is going from bad to ridiculous: 

http://www.stuff.co.nz/business/industries/7756544/Wheedle-site-technology-fails-again 




Didn't anybody tell you I was a hacker?

899 posts

Ultimate Geek
  Reply # 694841 2-Oct-2012 14:02 Send private message

ajobbins:
Nety: And hopefully it stays that way until they resolve the now quite large list of security issues..


Unfortunately I don't think there is a quick fix for some of the issues.

It sounds like their security model is fundamentally broken.



Agree.

I don't need to see their code to already know it's hopeless, the sort of issues we are all noting are fairly strong indicators that the people implementing this site did not think about... well anything except churning out code quickly.

The SQL injection potential, the storing of plaintext credentials in cookies, the ability to edit (prices of) other advertisements than your own, the absolute lack of performance (appropriate database indexes are likely non-existent is my guess here), the lack of any sort of testing, the pretty obvious server-farm-consistency and probably reverse proxy issues, the lack of caching headers where appropriate, the fact that it's design is "just like trademe"...

It all says "we shopped this out to the lowest price", and what they have got is a few programmers in a team who were told "just make it like this site", and they went in without any forethought, copying and pasting random stuff from their previous projects.  It's going to be hack-city (hack as in bodged togethor code, although the other meaning would equally apply!).

Fixing many of these problems, properly, is going to be real fundamental rewrite stuff I expect.

How much did they say they spent developing this, did I hear 10 million?  That can't be right, but if it is, hey Wheedle, I wouldn't normally work on this type of site, but you spot me a million bucks up-front and I'll redevelop the whole thing for you - it's got to be a good deal, right, hey, it's cheaper than your car!




---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.  

Prev1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | ... | 35Next
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »
InternetNZ and AUT University form strategic partnership
Posted 21-May-2013 09:29

Microsoft expands Windows Azure with Australian region
Posted 21-May-2013 09:11

Yahoo! to Acquire Tumblr
Posted 21-May-2013 08:18

University of Auckland partners with Google to train digital professionals
Posted 20-May-2013 17:16

Philips introduces its series of smart LED bulb in New Zealand
Posted 20-May-2013 11:05

Android and iOS combine for 92.3% of all smartphone OS shipment in the first 2013 quarter
Posted 17-May-2013 08:38


Trending now »
Hot discussions in our forums right now:

How do you fall out of a moving car ???
Created by Mark, last reply by surfisup1000 on 21-May-2013 22:40 (19 replies)
Pages... 2

A new project coming to Geekzone
Created by freitasm, last reply by xpd on 21-May-2013 21:19 (239 replies)
Pages... 14 15 16

Changeover issue: dial up
Created by Zigg, last reply by robjg63 on 21-May-2013 22:02 (17 replies)
Pages... 2

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by strokes on 21-May-2013 23:46 (1509 replies)
Pages... 99 100 101

Orcon, Is this for real or a scam??
Created by old3eyes, last reply by mattwnz on 21-May-2013 13:20 (15 replies)

Ubiquiti Rocket M2 bridged - Does distance/performance drop markedly if units are mounted inside?
Created by clinty, last reply by LennonNZ on 21-May-2013 23:28 (14 replies)

Vodafone Naked Broadband Speeds (Auckland CBD)
Created by wscalioni, last reply by grkiwi on 20-May-2013 21:13 (14 replies)

"igov" online passport renewals
Created by Linuxluver, last reply by Linuxluver on 21-May-2013 22:18 (13 replies)


Geekzone Jobs »
Most recent NZ jobs in technology:

.NET Developer
Posted 22-May-2013 00:27

Application Support Analyst
Posted 21-May-2013 22:27

SAP Performance Test Lead
Posted 21-May-2013 22:27

Senior MI Analyst
Posted 21-May-2013 19:27

Software Engineer
Posted 21-May-2013 18:27

Senior C#.Net Developer ? 6 Months Fixed Term
Posted 21-May-2013 18:27

Senior Java Developer
Posted 21-May-2013 18:27


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »
Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.