View Poll Results: ???
I use "remember me" function and have been able to access someone else's account: 16 votes (23.53%)
I use "remember me" but have not seen anyone else's information: 31 votes (45.59%)
I don't use "remember me" but I have logged into someone else's account: 7 votes (10.29%)
I don't use "remember me" and haven't had any problems: 13 votes (19.12%)
Other (please explain): 1 vote (1.47%)
Voters: 68.
Curious about the DDD security hole
#3
Moderator
Thread Starter
Well, there goes that theory. Did you use a link provided by someone else, or did you just type in the address manually and end up in someone else's account? Also, did you get to the info before or after you logged in?
#4
DVD Talk Ultimate Edition
Join Date: Aug 2002
Location: Bonney Lake, WA
Posts: 4,278
I typed in the address manually. When I went to login I also unchecked the "remember me" box. At first it logged me into my account, but when I went to log off, it put me into another person's account.
When I opened DDD this morning and went to the site it already had me logged in on somebody else's account. So, perhaps it is still trying to remember me.
This is under IE. I haven't tried using Firefox (my main browser) on it.
#5
Member
Join Date: Jun 2004
Location: San Francisco
Posts: 86
I wonder if the "remember me" accounts are the accounts that have been exposed to others. In other words, they're sort of never really logged off, so they show up randomly.
Edit:
I should clarify: I chose "remember me", and I have seen others' accounts, but my account has also been exposed (I received an email from a DDD customer an hour ago letting me know).
Last edited by Mod-Mod-World; 10-10-04 at 06:59 AM.
#8
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
I never use the "remember me" option at DDD. I only log into my account to check an open order or to place a new order. I always log out when I'm done. So far I haven't been able to view any other accounts except my own, and haven't been notified by anyone that my account was open to viewing. I should also mention that I tried IE, Avant, and Mozilla browsers with the same results.
Here is an update from my earlier post. You can add Firefox and Opera to the browser mix, and still can only access my own account. I even went to my sister's house today and tried her computer, but could only view my account.
Last edited by Laser Movies; 10-11-04 at 01:22 AM.
#9
DVD Talk Special Edition
I use the "remember me" function, but I haven't seen anyone else's info. I was able to log in and out yesterday with no problems, and changed to "Bill Me Later".
I'm hoping nobody dishonest was able to see my account info, since it seems a lot of PA accounts are exposed.
#11
DVD Talk Special Edition
Join Date: Aug 2004
Posts: 1,716
I too use the "remember me" function, and have been able to log in/out of my account every time I've tried, with no problems whatsoever.
No seeing other people's accounts, no trouble logging out, etc.
#13
DVD Talk Special Edition
I never use the remember me function and have had no problem logging in or out, nor have I been able to access anyone else's account. The issue may be that those people who are currently using the remember me option may be the accounts that are vulnerable.
Usually this sort of option only affects the client (user's) computer, as it sets a cookie on that computer to save the user's login information so he/she doesn't have to re-enter it from his/her computer when accessing the server (website). Ideally, it won't or can't affect any other computer's access to data on the server system.
But I don't know how DDD has set up this option to work with their website, so I can only speculate what (or if) that's the problem.
#14
DVD Talk Special Edition
Join Date: Aug 2004
Posts: 1,716
From the look of the votes, albeit from a small percentage of people on the site, it would seem as though well over half of the voters have had no problem.
Which is odd, because you would think that a site that has been theorized to have been hacked would have been affected completely, not just for less than half of the users.
Perhaps this is something less than a hacking, and more along the lines of the explanation being offered by DeepDiscountDVD representatives...
#15
DVD Talk Legend
Originally posted by invisiblegt
Perhaps this is something less than a hacking, and more along the lines of the explanation being offered by DeepDiscountDVD representatives...