Monday, December 14, 2009
Do you like this story?
It's been nearly a month since we first told you about the security flaw on the relaunched Kijiji.com web site. That's the problem that lets dumb users post their in-progress ads on Twitter, allowing anyone who clicks on the shared link to edit or otherwise hack the ad.
Kijiji.com was told, Kijiji.ca was told, the new site's developer was told and the advertiser was told.
But a vacation company posted to Twitter today, and what it posted was not the ad link ... but the ad-edit link. And go figure. It was still hot. Which led to an edit of the advertiser's message about fantasy vacations:
Travel through time, make love to alligators---
We are an online Travel Agency specializing in fantasy travel deals.
Want to go to space?
Want to travel through time?
Ever wanted to make love to four alligators while dressed as Strawberry Shortcake?
Do you have an unnatural fetish for grape jelly?
We can make all your dreams come true, and for a surprisingly affordable price.
But first we need to figure out this Kijiji thing.
If you can help us learn not to post our private information on Twitter in such a way that any schmoe on the net can edit our ads, please contact us. We'd love an education in sensible use of the internet, and clearly we're well behind in that regard.
Really, it's not our fault. It's partly Kijiji.com that let it happen. They shouldn't let us put such links on Twitter. Hell, if you search "kjiji security hole" online, you'll see that this flaw was posted the day the new kijiji.com launched.
Anyway, ask us about the alligators and the grape jelly.
Please visit http://www.fantasytraveldeals.com
The ad is now deleted.