Labour’s passwords

June 15th, 2011 at 11:00 am by David Farrar

Labour’s security issues go beyond the fact they left their entire server contents available for anyone to see if they went to one of their campaign . Their passwords are now in Google.

Whale blogs:

Commenters at Kiwiblog and other sites quickly realised what I did long ago and that was that Google and other bots had archived Labour’s open site extensively. All their data is still in the cache and will be for quite some time.

Doing a simple cache search of the root domain with the word “password” added shows just how bad their security was.

The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.

In the MySQL database files there were also plain text strings that contained other database passwords along with the user name and passwords of their credit card provider.

Oh dear.

This shows the appalling lack of security not only for the donor and membership details but also with regard to usernames and passwords for other secure areas.

I never accessed those areas, to do so would have been illegal. But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the database and credit card processing passwords that Labour left exposed. Chris Flatt cannot give any assurances that their donor details including credit cards were safe and secure.

Their credit card passwords have been sitting in Google for several months. Need more be said.

64 Responses to “Labour’s passwords”

  1. alex Masterley (1,491 comments) says:

    Labour has an open door policy then?

  2. annie (537 comments) says:

    Maybe when the inevitable happens and dishonest types who have picked the card details up from google and other bot sites start using them, assuming they haven’t already over the months the info has been lying bare on the web, the banks could look to the Labour party for compensation?

  3. berend (1,634 comments) says:

    But remember, it is National’s fault for not alerting Labour to security issues with their site!

  4. Graeme Edgeler (3,267 comments) says:

    What on Earth is a “credit card password”?

  5. Ryan Sproull (7,033 comments) says:

    What on Earth is a “credit card password”?

    Could mean their CSC numbers on the backs of the cards.

    With those and the credit-card numbers themselves, you could buy all KINDS of porn online.

  6. David Farrar (1,856 comments) says:

    A password for their credit card processing facility.

  7. PaulL (5,873 comments) says:

    A password to, and connection details for, the database that holds the credit card details. I suspect it’s not quite that easy, but hard to say.

  8. La Grand Fromage (145 comments) says:

    Whaleoil also highlights a letter he received about this issue from douche master general, Micky Savage. Does anyone know if invoices for legal aid specify the time that the work took place?

    If so it would be interesting to see if any of the $158k that Micky billed this year took place whilst engaged in his ridiculous bum fuckery on the Standard.

    Of course that would be stealing.

  9. alex Masterley (1,491 comments) says:

    LGF.
    No they don’t.
    Invoices to the LSA simply specify the time spent on a job not when the time was spent.

  10. PaulL (5,873 comments) says:

    Reading Whale’s post, I reckon there’s a chance it’s not as bad as he thinks. Typically a mysql database isn’t accessible from the internet, only from a local server. So I doubt you could log on. But anything’s possible.

  11. Murray (8,838 comments) says:

    The mickey, he’s a character alright cheesy.

  12. Put it away (2,888 comments) says:

    Doesn’t seem possible to get the cached version from google anymore, has labour talked them into censoring it?

  13. Rich Prick (1,553 comments) says:

    You know this is all National’s fault as well, don’t you.

  14. jaba (2,089 comments) says:

    that Mickey is a hoot, that’s what he is.
    poor Labour .. what a disaster, no wonder Fullmoon King looks so tired .. when is Phil back?
    who needs Coro for their gratuitous drama?

  15. Put it away (2,888 comments) says:

    Paull – did he need to log on to the database? I thought he just downloaded the unencrypted database file and read it as text

  16. KevinH (1,131 comments) says:

    An open window is no excuse for burgling someone’s home, a crime is a crime regardless of the circumstances. If you truly believe that hacking a database for pecuniary purposes is legitimate then you are an exponent of morons logic.

  17. Sarkozygroupie (189 comments) says:

    Alex,

    more like a back door policy.

    (Sorry everyone, just couldn’t resist some base silliness today)

  18. muncha1 (18 comments) says:

    I used to feel sorry for Labour about this. Then I remembered Hollow Men

  19. RightNow (6,669 comments) says:

    Oh jeez KevinH. If you are standing on the street holding some sort of document up in front of you, and I come along and take a photo of your document, can you complain that I stole it? That’s the analogy, you still have the document and I have a copy of it.

  20. laworder (269 comments) says:

    I have been looking on at this whole sorry saga, and am quite aghast at the sheer sloppiness and absence of security. I work in an IT related area, and this is the IT equivalent of walking around in public with your fly down, no underwear and half a roll of dunny paper trailing out the back of your pants.

    If I did something like this with the Trust site I’d expect to be fired, and I am not even paid for that. I am very glad I have not been a Labour Party donor, at least not in the last few years

    Regards
    Peter J
    see http://www.sensiblesentencing.org.nz

  21. ben (2,396 comments) says:

    When I set up a credit card facility on my web site, the payments provider needed to know if I intended to store credit card information. If I did, then I needed to give the payments provider a written undertaking that the data would be stored securely, which from memory meant the data must be at minimum encrypted, before they would grant me access to their service.

    I would imagine Labour would have made the same undertaking at some point, and we now know that it was, or at least became, false. This might cost them their merchant status, which would surely be significant for funds raising.

  22. ben (2,396 comments) says:

    KevinH

    If you truly believe that hacking a database for pecuniary purposes is legitimate then you are an exponent of morons logic.

    What does this have to do with what has happened here, Kev? About nothing. No hacking occurred, no pecuniary advantage has been derived to anyone’s knowledge, and actually what has happened does appear to be legal.

    0 for 3, KevinH.

  23. Put it away (2,888 comments) says:

    Kevinh – hacking? Are you serious? All he did was browse publicly available web content, which is what you are doing right now. Are you “hacking” kiwiblog?

  24. nate (5 comments) says:

    There’s not a lot that can be done with the Flo2Cash (credit card processor) username/password – the online merchant facility doesn’t allow you to view cards, the worst you could do is issue refunds.

  25. side show bob (3,660 comments) says:

    All this is fantastic, you just couldn’t make this shit up if you tried.

  26. George Patton (349 comments) says:

    That Labour expects National to inform them of vulnerabilities that could damage them takes the cake.

    I don’t recall Trevor Mallard pulling Don Brash aside quietly in 2006 and saying “listen Don, there are some awful rumours going around about your private life. I suggest you be prudent and wise here because I don’t want to see this blow up in your face”

  27. RightNow (6,669 comments) says:

    muncha1 (9) Says:
    June 15th, 2011 at 11:49 am
    I used to feel sorry for Labour about this.

    It’s starting to feel like watching a totally outclassed sports team being thrashed 100-0 with full time rapidly approaching.
    Even though you support the stronger team, you start to feel really bad for the losers and hope they at least get a penalty just for some points on the board.

  28. nzspambot (2 comments) says:

    nate – one would wonder if they left any dirs world writeable, that is the ability to upload files to their site. If they did well one could have some fun with SQL.

  29. lyndon (330 comments) says:

    That search linked to seems to have been cleared…

    And yeah, I take it it’s not the *users* card details, but what you might call Labour’s card processing authority. Also a problem for Labour, but it would make their statement as quoted not untrue.

    Not wishing to defend, etc etc.

  30. ben (2,396 comments) says:

    It’s starting to feel like watching a totally outclassed sports team being thrashed 100-0 with full time rapidly approaching. Even though you support the stronger team, you start to feel really bad for the losers and hope they at least get a penalty just for some points on the board.

    Yes. But then recall Labour brought in the EFA. Nothing that organisation ever does again will allow me to forgive them for that. When you use the levers of power to tilt democracy itself in your favour and against your opponents for the sake of another 3 years, then you forfeit any right to sympathy.

  31. Nigel (511 comments) says:

    @ ben 12:03 I think you have something that Whale should follow up on, I can’t believe the initial setup was that sloppy ( surely not ). Which implies a change in setup & that opens up liability issues ??.

  32. SHG (364 comments) says:

    The only sensible response to all of this, from an IT security point of view, is basically “nuke the site from orbit”.

    - Identify every machine that’s ever been on the same network as the insecure server

    - Image the hard disks of those machines

    - Format the hard drives of all machines and reinstall from known trusted sources

    - Perform forensic analysis on the hard-disk images to try and identify the absolute worst-case scenario (e.g. “the bad guys have the passwords to everything and know every credit card number we’ve ever had”) for ass-covering

    Given that this is the only sensible option it is of course never going to happen.

  33. davidp (3,540 comments) says:

    At the very minimum, Labour need to contact all their donors and admit that their credit card details may have been compromised. There is enough uncertainty and incompetence to suggest that their credit card database might well be in the hands of organised crime (who trawl the internet specifically looking for credit card information) that they need to take this action. They must advise their donors to contact their banks, replace their cards, and examine their statements for evidence of mis-use. If Labour don’t do this then they are acting criminally with their own supporters.

    In an ideal world, Labour wouldn’t just issue the above advice, but would offer to compensate their donors for all expenses involved in replacing their cards.

  34. tvb (4,208 comments) says:

    This is serious. The labour Party will have to contact google and have this dealt with. It is a pity that this security breach got publicity. Slater should have told the labour party privately about this.

  35. peterwn (3,163 comments) says:

    PauL – “Typically a mysql database isn’t accessible from the internet, only from a local server. So I doubt you could log on. But anything’s possible.”
    But this is not typical. Labour had all sorts of things on a server visible to the internet which should just not have been there.

    Presumably Labour’s IT people, the company operating the credit card server and the credit card companies have now conducted an urgent review to determine whether any card numbers could have actually escaped.

  36. Bevan (3,965 comments) says:

    An open window is no excuse for burgling someone’s home, a crime is a crime regardless of the circumstances. If you truly believe that hacking a database for pecuniary purposes is legitimate then you are an exponent of morons logic.

    So what you are saying is that whenever someone reads anything published on the Internet – they are stealing. So in your mind, if I read an article at the NZ Herald web site, then talk about it – I’ve stolen too.

    This is not a case of stealing, this is a case of complete dumbfuckery on the behalf of the Labour party. They effectively published this data for the world to see.

  37. djg (72 comments) says:

    nate (5) Says:
    June 15th, 2011 at 12:08 pm
    There’s not a lot that can be done with the Flo2Cash (credit card processor) username/password – the online merchant facility doesn’t allow you to view cards, the worst you could do is issue refunds

    If Nate is correct it would have been hilarious if someone had used the info to process credits and given back all of Labour’s donations to the donors!!!!

  38. ben (2,396 comments) says:

    SHG

    Given that this is the only sensible option it is of course never going to happen.

    More to the point, it would cost money, and I imagine Labour really doesn’t have any of that now.

  39. lofty (1,303 comments) says:

    tvb..rubbish!

    The labour party is getting its comeuppance and overdue it is too.

    9 years of lying, rorting and perverting the course of justice, not to mention passing laws to tilt the playing field in your favour, is bound to come home and bite you on the arse sooner or later.
    I for one am glad to see it.
    My only regret is that the democracy suffers when there is no strong opposition.

    Hopefully a true Labour party with actual standards and morals will arise from the ashes. (I am not holding my breath)

  40. ben (2,396 comments) says:

    Ok, so it appears to me Labour is permanently finished as an opposition party in New Zealand. A new party will have to arise in its place. What’s a good name?

    Progressive.

    Democratic.

    “Labor”.

    Liberal. Or New Liberal.

    I suppose Conservative or Republican is out, even though read literally both labels would be apt.

    New Labour is old news.

    The Secure Party? “We love encryption!”

  41. nasska (10,680 comments) says:

    I would imagine that the same people who are now having their credit cards replaced by their banks at their own expense will be slightly less than forthcoming next time the hat gets passed around. The sheer inconvenience of using new cards will be a constant reminder of the incompetence of their political party of choice.

    Labour: short on ideas, talent, vision & now funding….roll on November.

  42. DJP6-25 (1,270 comments) says:

    KevinH 11:47am. Except of course that the contents were left on the footpath, where anyone could copy them. Ain’t schadenfreude a bitch? :-)

    cheers

    David Prosser

  43. berend (1,634 comments) says:

    Guys, I wouldn’t be so quick to say Labour is finished.

    Remember all those National Party supporters supposedly in favour of private enterprise, lower tax burden and less government?

    What happened?

    1. John Key misled the electorate, and made us an ETS follower. This at a huge cost to our industry and our tax payers, and a windfall for a few foresters.

    2. Family values? Correcting your kid with a light smack to avoid bigger problems down the track is still an offence.

    3. Lower tax? All National did was shift the money, it was budget NEUTRAL.

    4. It’s bailing out finance companies and insurance companies left right and center.

    5. Less government? Let’s not even get started. Government is bigger than ever.

    6. Overseas borrowing? $1 billion a month or more.

    This country is led to the brink by an excellent salesman. Does that lead the National Party supporters to abandon the party?

  44. Inventory2 (10,104 comments) says:

    tvb said

    Slater should have told the labour party privately about this.

    You think so tvb? Did anyone from Labour tell Don Brash that they had his e-mails before they started quoting from them in the House? Did Kees Keizer tell Bill English he was going to secretly record him at a party?

  45. ben (2,396 comments) says:

    Berend, I’m sure political opposition in New Zealand is not finished. But I’m pretty sure there is an opportunity for a party other than Labour to step up to fill the vacuum Labour has created.

  46. Bevan (3,965 comments) says:


    Guys, I wouldn’t be so quick to say Labour is finished.

    Remember all those National Party supporters supposedly in favour of private enterprise, lower tax burden and less government?

    ….

    This country is led to the brink by an excellent salesman. Does that lead the National Party supporters to abandon the party?

    What makes you think those ones are going to vote Labour?

    If anything they will trend to a party on the right (although that doesn’t seem to be happening….).

  47. Nookin (3,037 comments) says:

    If you want the appropriate analogy – go to Whale’s blog where he has a sign in full view saying something like “PRIVATE SIGN — DO NOT READ” . That sums it up perfectly. And it highlights the sheer bloody stupidity of Labour’s moaning and bitching that someone “invaded” their space. If names and credit card numbers are shown then Labour needs to replace every single card and meet the total cost.

  48. kisekiman (224 comments) says:

    Best comment over at the Standard:

    Jeremy Harris 21
    14 June 2011 at 12:56 pm

    I’m loving this, Labour couldn’t run a piss up in a brewery and the LWNJs are still defending them.

    Publishing your donor’s personal info online? It’s as stupid as talking about your new girlfriend on your facebook status….. when your wife is on your friend list.

  49. Peter (1,578 comments) says:

    New campaign slogan?

    “Let’s put our supporters’ credit card numbers on the web.

    Let’s not”.

  50. Peter (1,578 comments) says:

    “Stop I.T. Incompetence”

  51. tvb (4,208 comments) says:

    Telling the Labour Party privately refers to potential victims about credit card details. The reason for doing it privately is so the information about these details being compromised, is not made public. Well that has happened, including on how to get the information and an “open” invitation for Nigerian fraudsters to get the information. That is bad. This is not about the Labour Party it is about the potential victims having their credit card details compromised.

  52. davidp (3,540 comments) says:

    tvb>The labour Party will have to contact google and have this dealt with.

    The issue isn’t just Google. I dealt with a vaguely similar case years ago when my Aussie government employer happened to have been logging electronic job applications in to a publicly accessible file on the web server before passing them to the secure back end. The first we knew about it was when a member of the public rang up to complain that they’d Googled their name and found their job application and CV. Looking at the logs and resolving IP addresses, we found something over 100 search engines crawling the site. All of these will have cached the details of Labour’s donors.

    Labour are going to have to attempt to contact all sorts of odd foreign search engines and persuade them to flush their cache. Actually, they probably won’t. They’ll just pretend that there is one search engine called Google and the rest don’t matter.

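
The log review davidp describes in comment 52, as an added example (not code from the post or from any commenter): it reads web-server access logs and lists every client that was actually served content from paths that should never have been public, so the owner knows which crawlers hold copies. The "combined" log format, the `/backup/` and `/db/` prefixes, the file names and all log lines are assumptions constructed for illustration; the reverse-DNS step is left out so the block runs offline, and the report keeps the IP addresses for that check because a User-Agent header is only a claim.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
# Product token that names a crawler inside a User-Agent string.
BOT_RE = re.compile(r'[A-Za-z0-9_-]*(?:bot|crawler|spider)[A-Za-z0-9_-]*', re.I)

SENSITIVE_PREFIXES = ("/backup/", "/db/")   # assumed paths, not taken from the post
DELIVERED = {200, 206, 304}                 # 304 means the client already holds a copy
UNLABELLED = "(no crawler token)"

# Constructed sample log: documentation IP ranges, made-up file names.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2011:02:11:09 +1300] "GET /backup/ HTTP/1.1" 200 2314 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [01/Mar/2011:02:11:15 +1300] "GET /backup/site.sql HTTP/1.1" 200 5242880 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [02/Mar/2011:02:00:00 +1300] "GET /index.html HTTP/1.1" 200 1000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [03/Mar/2011:14:02:41 +1300] "GET /backup/site.sql HTTP/1.1" 200 5242880 "-" "ExampleSearchBot/1.0 (+http://search.example/bot)"
198.51.100.7 - - [20/Apr/2011:09:30:00 +1200] "GET /backup/site.sql HTTP/1.1" 304 - "-" "ExampleSearchBot/1.0 (+http://search.example/bot)"
203.0.113.5 - - [05/Mar/2011:10:00:00 +1300] "GET /backup/site.sql HTTP/1.1" 403 199 "-" "AnotherSpider/0.9"
203.0.113.77 - - [12/Jun/2011:08:15:00 +1200] "GET /db/config.bak HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"
this line is truncated 203.0.113.9 - - [
"""


def exposure_report(log_text, prefixes=SENSITIVE_PREFIXES):
    """Return ({client label: details}, count of unparseable lines)."""
    report = defaultdict(lambda: {"ips": set(), "paths": set(), "hits": 0,
                                  "bytes": 0, "first": None, "last": None})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1            # keep a count so gaps in the evidence are visible
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] != "GET" or int(m["status"]) not in DELIVERED:
            continue                # refused or bodiless requests exposed nothing
        if not path.startswith(prefixes):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        bot = BOT_RE.search(m["ua"])
        entry = report[bot.group(0) if bot else UNLABELLED]
        entry["ips"].add(m["ip"])
        entry["paths"].add(path)
        entry["hits"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(report), skipped


def crawlers_to_notify(report):
    """Self-identified crawlers that were served sensitive content."""
    return sorted(name for name in report if name != UNLABELLED)


if __name__ == "__main__":
    found, bad_lines = exposure_report(SAMPLE_LOG)
    for name, d in sorted(found.items()):
        print(f"{name}: {d['hits']} hits, {d['bytes']} bytes, "
              f"{d['first']:%Y-%m-%d} to {d['last']:%Y-%m-%d}, "
              f"IPs {sorted(d['ips'])}, paths {sorted(d['paths'])}")
    print("unparseable lines:", bad_lines)
```

Clients with no crawler token are reported separately; they are the entries an incident responder would look at first, since they are not search-engine caches that can be asked to purge.
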
  53. infused (636 comments) says:

    Just checked. Still cached in many search engines.

  54. PaulL (5,873 comments) says:

    So, I think people are over reacting.

    They had a backup of all their configuration information publicly available. That backup included the username, password and uri for the sql database of their credit card provider. What isn’t clear is:
    a) could you actually use that info to log on, or was there some other security (based on IP or otherwise) that would prevent Joe average from logging on

    b) if you actually did log on, what would you see? Does it have a list of credit card numbers that it will give you, or does it just let you create new transactions.

    In short, I don’t think this is quite the smoking gun that some here think.

  55. ben (2,396 comments) says:

    PaulL, you raise a fair point. FWIW I think one reason nobody is disclosing the actual cc numbers, or admitted trying to use the sql login, is that such use would be a breach of the Crimes Act. Slater said this, I think, in his video.

  56. nasska (10,680 comments) says:

    ben

    …..”such use would be a breach of the Crimes Act.”……

    I doubt that any prospective Nigerian fraudster is going to be greatly concerned about what our legislation forbids.

  57. ben (2,396 comments) says:

    Nasska, right, exactly, but the point is that even if 100 kiwis got the login and gave it a go and got access to the database, or even if they didn’t, they have a very good reason not to tell anyone. So absence of evidence here isn’t evidence of absence, as PaulL may be thinking.

  58. davidp (3,540 comments) says:

    ben >FWIW I think one reason nobody is disclosing the actual cc numbers, or admitted trying to use the sql login, is that such use would be a breach of the Crimes Act.

    A valid concern. AusCert is an Australia New Zealand computer organisation based in the University of Queensland and sponsored by the government as a center of excellence in IT security. They run an annual conference which I’ve been to a couple of times. It is corporate rather than hacker.

    At this year’s conference an attendee demonstrated a vulnerability in FaceBook that allowed people to access photographs without authorisation. A journalist was at the session, reported the vulnerability, and had copies of a couple of “hacked” photos. The Queensland Police actually arrested the journalist. Incredible! Apparently the way to deal with security vulnerabilities is make talking about them illegal. That way everyone will be safe.

    http://www.smh.com.au/technology/technology-news/grubbs-story-privacy-news-and-the-strong-arm-of-the-law-20110518-1esn9.html

  59. Viking2 (11,140 comments) says:

    djg (64) Says:
    June 15th, 2011 at 1:08 pm

    nate (5) Says:
    June 15th, 2011 at 12:08 pm
    There’s not a lot that can be done with the Flo2Cash (credit card processor) username/password – the online merchant facility doesn’t allow you to view cards, the worst you could do is issue refunds

    If Nate is correct it would have been hilarious if someone had used the info to process credits and given back all of Labour’s donations to the donors!!!!

    Yep well there’s some $850,000 that Clark stole and when that’s done perhaps someone should visit NZ First and get our $158k back into the public purse.

  60. ben (2,396 comments) says:

    davidp – that is extraordinary. Still I suppose the trick is to know that what you’re presenting is illegal and so present it in a way that does not result in breach, like by saying a friend did the hacking and sent you the screenshots, or by not showing the hacked photos, or whatever the hooks in the law are. I suppose the police will arrest you anyway, and you’ll have to go to the trouble of explaining this to a judge, but it will at least keep you out of jail.

  61. Doug (405 comments) says:

    Will Labour have enough money left to contest the Election?

    http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10732419

  62. lofty (1,303 comments) says:

    Doug, it is somewhat ironic that according to the whale, the total amount received by the labour party in donations, is the same amount you see in the Fred Hollows donation ad on Kiwiblog’s sidebar.

  63. PaulL (5,873 comments) says:

    My argument wasn’t that nobody has said they have credit cards, therefore it didn’t happen. My argument was more that it’s unlikely that you could access credit card numbers using these details. The whole point of using an external credit card processing agency is that you never hold the credit card details, and I’m pretty sure that they won’t give you those details – if they did so, they’d be creating a hole in their own security and their business model. I don’t know that for sure, I haven’t tried. But my experience tells me it’s unlikely.

    Having said that, I would perhaps have also said it was unlikely that someone would change their web site such that the URL name returned a directory listing, and it could stay like that for 3 months without anyone noticing. My web site gets about 2 hits a day (if that), and I think someone would tell me within 3 months. I’d hope I’d notice myself.

  64. somewhatthoughtful (452 comments) says:

    Wow, don’t let the facts get in the way of your agenda there DPF. That’s Labour’s auth token for their credit card provider. They have NO access to any numbers, they’re all processed remotely. That’s actually part of PCS compliance, which you should know about given your affiliation with INNZ and various other internet groups. Those tokens will now have been changed. Wow, you and Slater are just pathetic over this.

    The amount of people pretending to know what the fuck they’re talking about when they know NOTHING about web security, how sites are built, CC processing, authentication is just staggering.

    Worst part is this is the sort of thing you’re normally good at pulling other people up on….
