reven
3748 posts

Uber Geek
+1 received by user: 874

Trusted

  #358400 29-Jul-2010 14:20

dman:
sleemanj: SQL injection is one thing, but this was pretty sloppy, it wasn't just forgetting to escape a string or something, it was sending complete unchecked SQL across the wire. Even 10 years ago (really, 10 years, in Flash?) that would have been pretty obviously a bad idea.
It wasn't just that, they had a whole comedy of errors. Like storing passwords as plain text, no matter how many years we are talking about you can't call that secure.


For my forum I was using yetanotherforum.net, an open source ASP.NET forum, and the first thing I noticed was that the passwords were all stored in the DB as plaintext. The first thing I did was change them to a seeded MD5 hash.

It's not uncommon to do, but I really wish it was.

Seriously never going to use their website to make an order, or heaven forbid make a credit card payment through them.



Kyanar
4089 posts

Uber Geek
+1 received by user: 1684

ID Verified
Trusted

  #358444 29-Jul-2010 15:03

reven:
dman:
sleemanj: SQL injection is one thing, but this was pretty sloppy, it wasn't just forgetting to escape a string or something, it was sending complete unchecked SQL across the wire. Even 10 years ago (really, 10 years, in Flash?) that would have been pretty obviously a bad idea.
It wasn't just that, they had a whole comedy of errors. Like storing passwords as plain text, no matter how many years we are talking about you can't call that secure.


For my forum I was using yetanotherforum.net, an open source ASP.NET forum, and the first thing I noticed was that the passwords were all stored in the DB as plaintext. The first thing I did was change them to a seeded MD5 hash.

It's not uncommon to do, but I really wish it was.

Seriously never going to use their website to make an order, or heaven forbid make a credit card payment through them.


CC payments for Hell are now run through a third party called Mobi2Go (a NZ company by the name of Third Screen Interactive).

reven
3748 posts

Uber Geek
+1 received by user: 874

Trusted

  #358484 29-Jul-2010 16:02

Yeah, but I still won't trust Hell with this kind of information any more.

If they came out and admitted it straight up, and not blaming a disgruntled employee, I might have had some respect left for them and a bit of trust they would clean up their act.

But they didn't, so I can't trust them. Not saying I won't still eat there (love their pizzas), I just won't be using their webapp to order. Which is a shame, because I only use Domino's or Pizza Hut's webapp when ordering through them (unless on iPhone, stupid Flash).



richms
29099 posts

Uber Geek
+1 received by user: 10214

Trusted
Lifetime subscriber

  #358535 29-Jul-2010 16:47

I only ever order pickup with Domino's, the email address used has been safe so far, and the "name" I give them is not usually mine.




Richard rich.ms

reven
3748 posts

Uber Geek
+1 received by user: 874

Trusted

  #358615 29-Jul-2010 17:52

richms: I only ever order pickup with Domino's, the email address used has been safe so far, and the "name" I give them is not usually mine.

Lol
