Wednesday, November 18, 2009

Major security gap already?

Just hours after launching its new look, a big security hole has been discovered at US ad site

A Twitter user tweeted his Kijiji ad for a home for sale. But what he tweeted was not the ad -- it was the ad preview. A user was able to click the tweet, get into the ad, change it, and finally post it for public viewing.

And here's what came out:

How could this happen?

The new footer has a big "SHARE" button in the bottom right-hand corner that can be accessed *while* posting an ad. So the poster, in this case, obviously SHARED the preview page. There's no security at that point, other than a CAPTCHA, to prevent whoever goes to that page from editing the ad and posting it.
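The gap described above, modelled as an added example (not code from Kijiji or from this post): a draft that any holder of the preview URL can change and publish, beside a version that checks the caller's session against the one that created the draft. The class, method, and URL names are hypothetical, and the sessions and ad text are constructed sample data.

```python
import hmac
import secrets


class DraftStore:
    """Hypothetical in-memory model of an ad-posting flow (assumed names)."""

    def __init__(self):
        self._drafts = {}  # draft_id -> {"owner", "text", "published"}

    def create(self, session_token, text):
        draft_id = secrets.token_urlsafe(8)
        self._drafts[draft_id] = {"owner": session_token, "text": text,
                                  "published": False}
        return draft_id

    def preview_url(self, draft_id):
        # What a SHARE button hands out: the URL carries only the draft id.
        return "/post/preview?draft=" + draft_id

    def publish_weak(self, draft_id, new_text):
        # Behaviour the post describes: holding the URL is enough.
        draft = self._drafts[draft_id]
        draft.update(text=new_text, published=True)
        return True

    def publish_checked(self, draft_id, session_token, new_text):
        # Hardened: caller's session must match the one that created the draft.
        draft = self._drafts.get(draft_id)
        if draft is None or not hmac.compare_digest(
                draft["owner"].encode(), (session_token or "").encode()):
            return False
        draft.update(text=new_text, published=True)
        return True

    def text(self, draft_id):
        return self._drafts[draft_id]["text"]


def demo():
    # Constructed sample data: two sessions, one draft per variant.
    store = DraftStore()
    poster, visitor = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    a = store.create(poster, "Home for sale")
    b = store.create(poster, "Home for sale")
    weak = store.publish_weak(a, "edited by visitor")
    denied = store.publish_checked(b, visitor, "edited by visitor")
    allowed = store.publish_checked(b, poster, "Home for sale, price reduced")
    return {"weak_edit": weak, "weak_text": store.text(a),
            "visitor_checked": denied, "poster_checked": allowed,
            "checked_text": store.text(b)}
```

A CAPTCHA satisfies neither check: it shows that a person is present, not that the person is the poster.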

Score a "day one suck" for

PS: The ad poster has been notified via Twitter that his/her ad needs attention.
