Monday, December 14, 2009 security flaw still present

It's been nearly a month since we first told you about the security flaw on the relaunched web site. That's the problem that lets dumb users post their in-progress ads on Twitter, allowing anyone who clicks on the shared link to edit or otherwise hack the ad. was told, was told, the new site's developer was told and the advertiser was told.

But a vacation company posted to Twitter today, and what it posted was not the ad link ... but the ad-edit link. And go figure. It was still hot. Which led to an edit of the advertiser's message about fantasy vacations:

Travel through time, make love to alligators

We are an online Travel Agency specializing in fantasy travel deals.

Want to go to space?
Want to travel through time?
Ever wanted to make love to four alligators while dressed as Strawberry Shortcake?
Do you have an unnatural fetish for grape jelly?

We can make all your dreams come true, and for a surprisingly affordable price.

But first we need to figure out this Kijiji thing.

If you can help us learn not to post our private information on Twitter in such a way that any schmoe on the net can edit our ads, please contact us. We'd love an education in sensible use of the internet, and clearly we're well behind in that regard.

Really, it's not our fault. It's partly that let it happen. They shouldn't let us put such links on Twitter. Hell, if you search "kjiji security hole" online, you'll see that this flaw was posted the day the new launched.

Anyway, ask us about the alligators and the grape jelly.

Please visit
The ad is now deleted.

0 Responses to “ security flaw still present”

Post a Comment

Need a media interview about You Suck at Kijiji? Contact me!