How NOT to secure your website
thedailywtf.com — A sobering (and funny) tale of online security.
- 4101 diggs
- JeremyO, on 03/01/2008, -1/+153they probably changed username and password after that episode ... anyway they are:
if (form.id.value=="Agent") | if (form.pass.value=="fsg2008")
This is just awesome
- jj101, on 03/01/2008, -1/+65That comment from the guy who claims to work there is hysterical!
- greeniemeani, on 03/01/2008, -3/+0They got it from google...if you look in the comments on that site, someone mentions the site it is from.
- Akaji, on 03/01/2008, -6/+4"all of you are being reported to the appropriate authorities as we have your information too."
Well, if they go directly to Ted Stevens we might actually be in some trouble... ignorance FTL.
- jcostom, on 03/01/2008, -0/+10Funny indeed... Someone should inform the boy genius that his site's protection is roughly as good as protecting your front door with a padlock, and put a post-it next to the lock with the combination, written on the back of the post-it.
- RussellDovey, on 03/01/2008, -0/+13Don't worry, they changed the post-it, it's totally secure now.
- afx1, on 03/01/2008, -2/+88now it's if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") { as of this posting but the resulting page is 404
to think i wasted all that time hacking it for a 404
- cbuddha42, on 03/01/2008, -12/+2This is what I get right now:
...
if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") {
...
zzzzzz is such a great username :-P
- edilclyde, on 03/01/2008, -19/+6with all that money in their scams.. at least they should invest in MySQL and hire a better programmer
- BlackCow, on 03/01/2008, -1/+56Ah yes invest in the ever so "expensive" MySQL.
- KloroFormd, on 03/01/2008, -3/+5Time is money...
- Akaji, on 03/01/2008, -1/+25Yeah, but 10 minutes isn't worth a lot of money.
- AntzNZ, on 03/01/2008, -2/+11You don't know what you're talking about, do you?
- HonoredMule, on 03/01/2008, -1/+10What do you mean /better/ programmer? That implies they have one.
- elwell, on 03/03/2008, -0/+1or not even have a website.
- cyb3rdemon, on 03/01/2008, -3/+49By the way, security through javascript is possible. You just need to use a hash, a strong password, and encrypt the url with the password.
Pseudocode:
if md5(password)=="5f4cb82cd3c31a528f449eb113d54d8f"
    goto("http://website.com/admin/" + decrypt(password, "H4K72gkA4b"))
else alert("wrong password")
- KibibyteBrain, on 03/01/2008, -0/+28Just make sure you do it over SSL to prevent man-in-the-middle interception of the decrypted url.
- HonoredMule, on 03/01/2008, -11/+1Haha...SSL is way more costly in terms of computing power and expertise than a simple server-side script providing pages only to logged-in users, or even just apache authentication.
- afx1, on 03/01/2008, -0/+3wow
- strangewill, on 03/01/2008, -0/+8Step 1: Learn about network security basics
Step 2: Come back and see if your opinion has changed.
- HonoredMule, on 03/01/2008, -0/+14That's still pretty vulnerable to reversing, especially since you have everything you need to brute force client-side...not to mention a silly over-complication that isn't necessary for a website with a clue.
- rlbond86, on 03/01/2008, -1/+11Nice try, but this doesn't work. (Your password is "?????".) There are rainbow tables for MD5 hashes online.
A good way to avoid this problem is salt:
if md5("H349$#$FE59+" + password)=="5f4cb82cd3c31a528f449eb113d54d8f"
This will protect against rainbow tables.
- HonoredMule, on 03/01/2008, -5/+4How is that supposed to help? The point of a salt is that it's never seen because it's server-side and never crosses the network (or gets stored in a potentially hackable database), making the hash alone useless. This might take longer to reverse (and an extra check on the results), but it'll probably also have fewer matching candidates of a feasible length.
- rspeed, on 03/01/2008, -0/+6Yes and no. If the salt is sufficiently random it's completely effective, since it wouldn't show up in a rainbow table.
- SuperCow1127, on 03/01/2008, -0/+5@HonoredMule
I'm afraid you're mistaken. In a digest encryption scheme, the salt MUST be sent in clear text across the network. Verification is based on the fact that only someone with the correct salt AND the correct password could produce the correct hash. Since the salt changes every time an entity is authenticated, it must be transmitted in clear text to the authenticatee (I think I made that word up), or else how would they know how to build the hash? The _password_ is the part that's server side and never seen.
- HonoredMule, on 03/01/2008, -1/+1The salt could be dynamic, but here is a static string. Whether the salt is sent to the client or the password sent to the server, the system is still vulnerable to man-in-the-middle attacks without (and technically, but not feasibly, with) an encrypted connection.
1: Send unique salt to client, tell client what hash algorithm to use, client returns hash value -> use rainbow tables to reverse hash, picking out candidates that include the salt. Extract the password portion of the reversed string, and test it with whatever salt the server gives you.
2: Expect encrypted or clear password directly (over an encrypted connection, assuming you're not completely stupid) -> sniff the password as the man-in-the-middle (assuming you ARE completely stupid).
There is an advantage to doing it this second way though, and that's that no one has to know the ACTUAL password. The server can just store the static salt as a private constant in a non-web-accessible file, and put the expected hash values in the database as the expected password. Now hackers have to get into the database before they can even try reversing hashes, and would need to successfully sniff out many successful login attempts to many different accounts before having a shot at the salt.
- HonoredMule, on 03/01/2008, -1/+1Not only does rlbond's code perform neither of these methods correctly, it nods more towards the first method than the second...ignoring the relative reliability of SSH to protect private communications, while databases are still a much more vulnerable point of attack (on the average server). A database attack is far more worrisome than the compromise of individual accounts when ALL your clients' passwords are stored in plaintext.
Then there's the flat reality that most passwords are acquired through keyloggers and social engineering/phishing scams anyway...
- HonoredMule, on 03/01/2008, -1/+1...of course by SSH I meant SSL...
- SuperCow1127, on 03/01/2008, -1/+2You've missed the point of salting again. The digest sent from the client to the server is of the password and the hash together. The rainbow table would have to be enormous to account for all possible salt+password values (it's not uncommon to see salts over 32 _bytes_ long). You almost got the problem though; even though a rainbow table isn't feasible (you don't save any time pre-generating the table) a classic brute force attack will still be as effective as the password is weak (assuming you've intercepted a successful login). Of course, the problem in the article was that the verification was compromised without monitoring a successful login first.
- HonoredMule, on 03/01/2008, -1/+1Dude, I get it just fine. I'm simply pointing out that in ANY scenario where a man-in-the-middle can sniff anything at all, he gets either the password from the client, or the salt from the server AND the hash from the client, which IS sufficient to reverse the hash, assuming the password itself is a normal length and you've got the rainbow tables for the expected range in length of password+salt.
You need to lose the pedantically academic approach and realize this ***** has to apply to REAL LIFE. The POINT of salting is not defined by you or standard practices, but by the objective/needs of the system using it.
- HonoredMule, on 03/01/2008, -0/+1And thank you for bringing the article back up...the supposed topic being discussed.
It's not that I don't get what you're talking about, it's that I'm not talking about the same thing. You're pushing "digest encryption scheme" (which is just a specific implementation of an academically-defined secure login process anyway). And I'm talking about protection of secure login information, a box with far less rigidly defined walls, but with broader real world meaning, and the one that's actually relevant to a site that doesn't know anything about security at all, let alone secure logins specifically.
- rlbond86, on 03/01/2008, -0/+4You are correct. I said that salt protects from RAINBOW TABLES. This is true -- a rainbow table will not be able to break this. A brute-force attack would.
I do acknowledge that this doesn't take into account any sort of man-in-the-middle attack, but the point was to demonstrate that the initial code itself is insecure, not even counting external attacks.
- tempusrob, on 03/01/2008, -0/+6Or you could just set up a friggin .htaccess file.
- SuperCow1127, on 03/01/2008, -2/+3Not to mention the fact that you're still relying on the client to do all the verification. What's to stop me from just copying the website URL out of the page source and typing it in myself? Rule #1 of secure coding is never never NEVER trust the client. The fact that a mostly technical audience is digging you up is a frightening demonstration of the security stance in the world today.
- cyb3rdemon, on 03/01/2008, -0/+1The URL's encrypted, that's what's stopping you. And you need the password to decrypt it.
- SuperCow1127, on 03/01/2008, -0/+2Thanks, I realized that after my edit time expired. However, you're still giving too much information to the client, as both the MD5 sum used to verify the password, and the encrypted URL are both vulnerable to local attacks.
- svivian, on 03/02/2008, -0/+1Or use Opera's source editor (Firebug might do the job as well) and remove the password checking from the JS. I've hacked a web site doing that. Client-side validation literally has zero security.
- condormcs, on 03/01/2008, -0/+71you hacked our site!? You can't do that! It's SECURE!
- stuffradio, on 03/01/2008, -1/+5New url to their agents url:
http://www.federalsuppliers.com/warning.html
This site is reserved for Federal Procurement Officers only.
There is an emphasis on only. :D
if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") {
Still a 404 though :(
- razzfer, on 03/01/2008, -7/+1[domain registration (WHOIS) record]
- bradleyland, on 03/01/2008, -0/+3Who cares? This company hasn't done anything "wrong". They just did a ***** job of securing their web page, and sell crappy advertising.
Caveat emptor, etc.
- ccheath, on 03/01/2008, -0/+1sounds like they're a scam company to me
caveat emptor, of course, as always
however, they're pretty slimy it seems to me
what did give me a laugh, though, was their address : safety harbor
- bradleyland, on 03/02/2008, -0/+2No, it's only a scam if they take money for a product they don't deliver. You can be reasonably assured that the directory does exist (at least it did before the whole incident outlined in TFA), and advertisers' names appeared in it. It's just that no one looks at the directory.
If I sell billboard advertising space in the middle of the Sahara, and someone is fool enough to rent the space from me, am I running a scam?
- ccheath, on 03/03/2008, -0/+1...whatever, i get your point
- techweenie1, on 03/01/2008, -1/+501You're not supposed to look at the page source you HACKER!!!!
- Akaji, on 03/01/2008, -2/+53Crap, that means I've been a hacker for the last 10 years... I sure hope the feds don't come after me. /paranoid
- Voyagerfan5761, on 03/01/2008, -8/+2Heh, by that definition I've been hacking for about five years. Page source is always available whether you look at it or not. Now I wonder why Google has all those obfuscated class names and JavaScript in Gmail...
- epiffffany, on 03/01/2008, -0/+11They do that to save bytes. There are plenty of tools available to help such as http://www.crockford.com/javascript/jsmin.html
If you're serving millions of users a day, those bytes add up and equate to serious savings. Not to mention smaller file sizes = faster downloads, less pressure on your cache clusters as well as making the experience feel "snappier" to the user.
- sarge96, on 03/01/2008, -0/+7Someone ought to take a look at the form:
http://www.federalsuppliers.com/form.html
- Voyagerfan5761, on 03/01/2008, -0/+4Nice IP address, guys. :-D Perhaps this would be more credible if you used an actual domain name? Oops, gave them ideas. :D
- derekivey, on 03/01/2008, -1/+16Someone should sign them up for a bunch of spam lists!
FORM ACTION="http://64.58.216.181/cgi-ipad/polyform.exe/federal ..." METHOD="POST"
INPUT TYPE=HIDDEN NAME="recipient" VALUE="info@federalsuppliers.com"
INPUT TYPE=HIDDEN NAME="recipientbcc" VALUE="fsginfo@microd.com"
- AZNL473ncy, on 03/01/2008, -0/+1Oh yeah I guess I'd better put that TFH (plus the TF Suit) back on.
- t0ny, on 03/01/2008, -1/+32I got in trouble for doing just that in high school and they even called my mom and told her I was hacking google.com.
- dandelionmood, on 03/01/2008, -1/+24But, if you google google, you may break the Internet !
- GibitStylin, on 03/01/2008, -0/+8So by following the standards that say viewing a page source is hacking, is directory dropping hacking too?
- Cavaleiro, on 03/01/2008, -2/+1Rofl, it seems too.
- thenativeraver, on 03/01/2008, -2/+34It looks like they took the page down
http://officers.federalsuppliers.com/agents.html
- thenativeraver, on 03/01/2008, -0/+115Even though they took everything down, google sees all.
http://www.google.com/search?q=+site:federalsuppli ...
- DroogInPhoenix, on 03/01/2008, -1/+9Copyright© 2006 Omega Publishing | All Rights Reserved | Toll Free: 800-454-1270
- elwell, on 03/03/2008, -0/+1http://64.233.169.104/search?q=cache:ZcNupjzvxp0J: ...
says that their corporate office is at:
334 East Lake Rd #223
Palm Harbor, FL 34685-2427
the road shows up on google maps, but not address 334.
- grodrigu, on 03/01/2008, -10/+173I wish hacking was always this easy.
- n0xin, on 03/01/2008, -1/+24Does anyone remember howtohack.com from the late 90's? Its first level was doing exactly this.
- Gimpishi, on 03/01/2008, -0/+2http://www.hackthissite.org/ is the newest similar thing i can think of...
- 0xception, on 03/01/2008, -21/+3your obviously not a hacker
- Tenlow, on 03/01/2008, -5/+27You're obviously not a proper grammar enthusiast.
- 0xception, on 03/01/2008, -4/+5correct.
- 0xception, on 03/01/2008, -1/+2I feel like my first post requires some explaining. It was a joke... all be it a bad one. Because a hacker is someone who is interested in taking things apart to see/lean/examine how things work. If all security was this simple what fun would there be in hacking?
- 471776, on 03/01/2008, -1/+12Albeit. It's a word.
- 0xception, on 03/02/2008, -0/+2don't be a betch. let me barrow that top!
- Cavaleiro, on 03/01/2008, -6/+0Rofl, easy? This is totally easy, i guess!
- jj101, on 03/01/2008, -143/+5hello
Hello dear one,How are you doing in life, I Want to introduce my self to you before i could go further, I am a blessing by name From the Continent of africa presently in Senegal dakar west africa , i came accross your profile which really sound so interesting as well spoke fine of you so i decided to drop a note to let you know that i am intrested in you for serious long term relationship . Please i will like you to email me back in my email address so that i can send you my photos and tell you more about myself .
This is my email blessinglove25@yahoo.co.uk
i am waiting to get a reply from you.
THANKS.
blessinghello
- Zarokima, on 03/01/2008, -1/+56Why does an African have a UK email?
- dawpa2000, on 03/01/2008, -0/+20Because they ran out of African email addresses
- chousho, on 03/02/2008, -0/+1Oh snap, are you telling me it's too late to register that Zimbabwe domain name I've had my eye on? I was so hoping for mybffjill.zw, too :(
- AndreiOttawa, on 03/01/2008, -0/+24WTF was that?
- techmaster, on 03/01/2008, -5/+30Buried as inaccurate... If it was really posted by an African, every other word would be "click"
- AntzNZ, on 03/01/2008, -0/+13Do I get money????
- wiifm69, on 03/01/2008, -2/+11/sends goatse image to blessinglove25@yahoo.co.uk
- PurpleSfinx, on 03/01/2008, -0/+4Believe it or not, I never actually thought of doing that to spammers. Thanks! :)
- HonoredMule, on 03/01/2008, -1/+5Don't. It'll just get your email address marked as one being read by an actual person by automatic response processing filters.
- lyssword, on 03/01/2008, -0/+5do I pay you $10000 for shipping so that you'll give me $1mil of my fortunes ? That seems like a good deal.
- jj101, on 03/01/2008, -8/+4I posted this as a joke - I am guessing you all saw it all over that previous post. This article was about securing your site... Oh well. The reactions are great. I'm gonna try it again.
- brendanryder, on 03/01/2008, -50/+5LAWLS
what a bunch of *****
i hope someone gets fired
- elijahsnw, on 03/01/2008, -3/+3What about this comment ensured that it was met with such overwhelming displeasure? Was it the use of the now cliched "lawls" or the use of the often frowned upon "c" word... i just wonder.... seemed like the type of comment that i wouldn't feel strongly enough to stop and go either way with yet some were obviously offended enough to share their displeasure... I wonder why.....
- HonoredMule, on 03/01/2008, -0/+6Yes.
All those reasons, as well as the lack of any meaningful content adding to the discussion. These comments are especially offensive when you know that each empty comment like that froze up Firefox for an extra half-second while the page loaded.
- gbarberi, on 03/01/2008, -0/+48Is there a name for this scam yet? I know it's old, but I'm not aware of any actual name for it.
Give us some money and we'll put you in this book. I've gotten a few things to my address informing me that I'm "eligible" for inclusion in some silly professional guides. A little research on the internet let me know these things were scams. College students, as well, have been targets. Although, for them, there are some legit ones.
- udflyers, on 03/01/2008, -0/+29I think they call it "vanity publishing". It's not illegal, just misleading. The "Who's Who" books and Yellow Pages web sites are two similar scams to this one.
- anagoge, on 03/01/2008, -0/+3I've just realised from your comment that I've been duped by something exactly like this after paying £60 to be included in a book. I feel like an idiot.
- Inverno, on 03/01/2008, -0/+9There's tons of these for writers too. If you ever publish a story or poem on the internet except to get exciting offers from glamorous publishers.
- jimshady, on 03/01/2008, -7/+7except != expect
I hate that one.
- Inverno, on 03/02/2008, -0/+2Oops, sorry. I didn't realize I typed the wrong word. I'm not even sure how it happened since both words have completely different applications. This happens enough for you to hate?
- sabach, on 03/01/2008, -0/+8I get a lot of calls in my office from companies who want to "confirm the information we have on file regarding your technology infrastructure". I usually tell them we don't participate in such surveys and please don't call again. If I have a hair up my ass I rudely interrupt and say "Our technology infrastructure? Nobody is authorized to give that out but me and I KNOW I didn't give it to you. Who did you get this information from? I REALLY need to have a talk with them." The conversation goes downhill fast from there.
- pixelfishfood, on 03/01/2008, -0/+1When I was a high school senior (then again as a college senior), I got repeated offers to be in something called "Golden Key International." They claim to be an honors society, but they spam market and require money to join. In my book, that's a scam.
- Azselendor, on 03/01/2008, -0/+1I've been called by these guys, we strung them along for months with the word maybe.
They stopped calling when I started asking for Return of Investment information, client references I can confirm, and which government offices they have access to.
all of which they refused.
- ha1f, on 03/01/2008, -5/+122How is this sobering? The programmer for this site was/is obviously a ***** retard.
- Phatt138, on 03/01/2008, -1/+45...sobering to realize that there are that many ***** retard admins in the world...
- HonoredMule, on 03/01/2008, -0/+2How many, three quarters of one? I'd be willing to bet there are actually many more.
- strangewill, on 03/01/2008, -0/+1There are a whole ***** bunch, you'd be surprised how many people running a Windows mail server get confused at the idea of defragging, and will call up tech support complaining that software has eaten their server and now it's slow, few hours of arguing that it isn't the software and one defrag later, everything is perfect.
- Scrappy1850, on 03/01/2008, -0/+7smarter than all the business owners that paid him $600
- sethkinast, on 03/01/2008, -1/+41Haha, the new username and password is now zzzzzz and fffxxx :D but the page itself is now offline.
- rockwellpa, on 03/01/2008, -2/+8http://www.federalsuppliers.com/warning.html
- SSUK, on 03/01/2008, -0/+5agents.html is now gone, I think that's what he was referring to.
- Birks, on 03/01/2008, -0/+63I love the post from the guy saying that the website is ruining his business... maybe he has been making a living at it for 10 years, but that doesn't make it any less of a scam.
- clickwir, on 03/01/2008, -0/+14yea really! How unprofessional of them. They sound like a group of 15 year old girls hate posting on each others myspace pages.
- Condemned, on 03/01/2008, -34/+19This is why you shouldn't outsource your programming jobs to India.
- atdigg, on 03/01/2008, -9/+79Hmm, maybe that's why you SHOULD outsource your programming jobs to India... I doubt a well schooled Indian would make such a mistake.
- FatLoser, on 03/01/2008, -6/+21I take it you've never had to support an app that was outsourced on the cheap.
- poyboy, on 03/01/2008, -5/+12AMEN!
- Billaeon, on 03/01/2008, -4/+3 Ugh, +1
- greeniemeani, on 03/01/2008, -1/+3But...but...you're a fat loser!
- blckt, on 03/01/2008, -0/+27More like this is why you shouldn't outsource your programming jobs to Mississippi.
- donkeySays, on 03/01/2008, -3/+91This is what happens when you don't realize internet is serious business. Don't let your neighbor's 11 yr old whizkid maintain your website. Get a professional.
- Awspire, on 03/01/2008, -13/+6Damn right it's serious business. In 07, web advertising revenues were found to be on par with TV (21 billion). So getting your business online is no longer some novelty, it's essential to business growth.
Frinngin cable providers need to get off their ass and start providing an integrated web browser with their cable service, that can be easily accessed while watching TV. When that happens, you'll see web advertising revenues surpass TV, though that might be the reason we're not seeing a cable provided browser.
If Google wanted to expand their advertising, they should spend some of their millions to bring web browsing easily to the TV, maybe via some add-on piece of hardware inexpensively sold.
- Hanzo, on 03/01/2008, -3/+2Why was this dugg down? The guy makes a good point.
- ptemple, on 03/01/2008, -2/+1Perhaps because television service providers have been providing text based services and advertising for decades, first via teletext and then via the web coated by a veneer called 'Interactive TV'. I remember writing browser software for set-top boxes over a decade ago. The problem, not solved by their numerous failed 'walled garden' content areas, is what is in it for the TV company that makes it worth it enough for them.
Phillip.
- Phatt138, on 03/01/2008, -0/+100Your neighbor's 11 yr old whizkid would never make this kind of mistake.
- Syphon8, on 03/01/2008, -0/+55Your neighbours 11 yr old Frontpage expert, on the other hand...
Stop giving wizkids a bad name.
- adooga, on 03/01/2008, -0/+7That would be your 50 year old guitar playing neighbour.
- sarge96, on 03/01/2008, -9/+3Damn straight I wouldn't. And I'm 15, TYVM.
- Florence44, on 03/02/2008, -0/+0You are hired.
- greenawlives, on 03/01/2008, -1/+5Ditto...Under 18 here and I'd server-side that code if I were the whizkid. Some of us whizkids actually think about what our code...
- Nougat, on 03/01/2008, -17/+4http://www.internetisseriousbusiness.com
- Voyagerfan5761, on 03/01/2008, -3/+4Stupid site, Nougat! Please don't post links to that.
- Awspire, on 03/01/2008, -0/+2Get it, learn it, love it...
https://addons.mozilla.org/en-US/firefox/addon/722
- Nougat, on 03/01/2008, -0/+2Hey, someone said "internet is serious business" - how could I not?
- TH3W1R3D, on 03/01/2008, -0/+3Douche
- Voyagerfan5761, on 03/01/2008, -3/+2TH3W1R3D's comment is ++'d but mine is --'d? I don't get it... They say the same thing, albeit in different ways.
- Awspire, on 03/01/2008, -0/+2++'d = dugg up
--'d = dugg down
Life is confusing enough, keep it simple. BTW, why be polite to some ass trying to script your browser into oblivion, which is probably why you're getting dugg down.
- michaelschade, on 03/01/2008, -8/+3A little stereotypical to age groups. It's people like you that should truly be barred from the Internet - someone's age certainly does not rank their intelligence level, nor their maturity level.
Thanks for promoting bad behavior.
- Wangeye, on 03/01/2008, -1/+5seriously dude.... sarcasm...
- cyb3rdemon, on 03/01/2008, -6/+5Yeah, right. When I was 11, I knew better than that, so stop being ageist.
Young programmers FTW.
- chousho, on 03/02/2008, -0/+1When I was 11 I knew about GI Joes and Transformers.
You kids! *shakes fist*
- canthraxp, on 03/01/2008, -1/+9Probably he had a diploma with "Frontpage Webmaster" written on it. Probably with crayon. That convinced them to hire him.
- condormcs, on 03/01/2008, -0/+1with a diploma such that who wouldn't?
- Awspire, on 03/01/2008, -13/+6Damn right it's serious business. In 07, web advertising revenues were found to be on par with TV (21 billion). So getting your business online is no longer some novelty, it's essential to business growth.
- rynTAU, on 03/01/2008, -0/+173check out the comments on that site, at the bottom.. "thank you hackers for trying to destroy federal suppliers guides reputation. have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions."... haha
- derekivey, on 03/01/2008, -0/+61LOL!
"sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better."
- wrillo, on 03/01/2008, -0/+24It's funny because they really have no ***** idea!
- SSUK, on 03/01/2008, -1/+13U HAK UZ? WE HAK U 2!!!!!111
- gooberfishbowl, on 03/10/2008, -1/+0Ah, more reasons to hate this company. They employ people who use 'should of' when they mean 'should have'.
- SquigglyP, on 03/01/2008, -1/+39I wonder... is it more entertaining that this scam artist got 'hacked' so easily, or that he probably paid someone else a ***** of money to make him a 'secure' website.
- lukedinan, on 03/01/2008, -1/+213that's like hiding your key in the lock
- oolatin79, on 03/01/2008, -0/+42or like using one of those school combination locks and leaving the combo sticker on the lock....
- digitalxn3, on 03/01/2008, -1/+10Hahah I did that. First day of school, I come back at lunch time and my locker was open and no lock.
Laughed so hard.
- fxu1989, on 03/01/2008, -0/+4I know I put your things in my locker .. but...
IT WAS A MISTAKE OK!?!?!?!
stop picking on me .. I thought it was over long ago :( ...
- vdog, on 03/01/2008, -1/+19Or having the combination 12345 on your luggage.
Wait, that's my combination.
- PurpleSfinx, on 03/01/2008, -8/+2That *S* hiding your key in the lock! It was right in the script/code/whatever. Hahaha. There's really no worse way of securing your website.
- cquilliam, on 03/01/2008, -1/+13I've seen stuff like this plenty of times. I remember a "company" coming across some poetry i wrote before and wanted to include one of my poems in their new book. The catch was, I had to purchase a copy of the book. lol
- meridian300, on 03/01/2008, -2/+4Hey I have a book with some poetry i wrote in it! had to buy it though =(
- geobay, on 03/01/2008, -0/+11That's actually a pretty well known scam.
I've known a few who have fallen for it.
- anagoge, on 03/01/2008, -0/+1I fell specifically for this scam. But I've never realised until now that it was a scam.
- blckt, on 03/01/2008, -0/+8My sister fell for that, my parents paid like $200 for a crappy book of 3rd graders poetry after she "won" a contest
- PurpleSfinx, on 03/01/2008, -0/+7Don't they usually PAY YOU to use your writing in a book? I mean I feel sorry for your sister, but what were your parents thinking? I don't even like doing surveys without getting something in return.
- Nougat, on 03/01/2008, -0/+2That was poetry.com as I recall.
- maelstromwar, on 03/01/2008, -3/+3LOL! You write poetry?
- purzzzell, on 03/01/2008, -0/+1I've had to discourage people from buying the book when they were so ecstatic to hear that they "got published". *sigh*
What's really bad is the people that are given the chance to "attend the national convention" or whatever - google poetry.com scam and you'll find stories about how their poems were judged, poor planning, and a blatant rip-off - basically, at that point, the company has all they'd get out of you and just had to live up to the slightest of the advertising.
- chowmeined, on 03/01/2008, -0/+63They should upgrade to ROT26.
- xerigen, on 03/01/2008, -12/+4Wow, did they ask their 11 year old nephew to come up for the "security" for them?
- cyb3rdemon, on 03/01/2008, -1/+7First, someone already posted that several posts above (including the exact age 11).
Second, when I was 11, I knew better than that.
Being ageist is bad.
Shamelessly copying from someone being ageist is worse.
- xerigen, on 03/01/2008, -1/+1I didn't read all the comments above without posting. I did not actually copy that dude's comment. Secondly, I'm not being "ageist", but when I was 11 I thought I was badass because I could write html and I would have come up with the same kind of script back then just to look cool.
- grangeryoung, on 03/01/2008, -4/+60/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") {
location="http://officers.federalsuppliers.com/agents.html"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
I love it, can't stop laughing.
- FatLoser, on 03/01/2008, -3/+31i stopped laughing after I found out I caught herpes from my cousin
- KloroFormd, on 03/01/2008, -2/+31I can't stop laughing after I heard you caught herpes from your cousin.
- fxu1989, on 03/01/2008, -1/+1I stopped laughing after scientists discovered that herpes is now airborne.
- Aensland, on 03/01/2008, -4/+3But it's the experience that counts, amirite?
;p
- mhuggins, on 03/03/2008, -0/+1me too :(
- Voyagerfan5761, on 03/01/2008, -11/+0I used to have security through JavaScript on one of my personal sites. It's since been upgraded to server-side checking. This trick won't work on it. :D
- BlackAdderIII, on 03/01/2008, -0/+1We would like to include your fictional person, "Voyagerfan5761", in our new book of people who can't be real.
On the condition you buy a copy for $300, of course.
- SolidSnake24, on 03/28/2008, -0/+1This is the type of script i would use for my "beginners" course on Object-Oriented Programming!
- tthatfreak, on 03/01/2008, -1/+76Who wouldn't invest in a company that uses this animated gif on their site?
http://www.federalsuppliers.com/images/money.gif
I use the word "animated" very loosely.
- passedoutghost, on 03/01/2008, -0/+30I just realised I could make the money stop flowing if I hit the "esc" key in firefox. :O
- DDRRE, on 03/01/2008, -1/+15omg
(really, didn't know that :) )
- Voyagerfan5761, on 03/01/2008, -1/+8That's an obscure Firefox feature that stops all animated GIF images on the page. It works for any GIF.
- Edan25, on 03/01/2008, -0/+11And I thought it only works for the flowing money.
- BlackAdderIII, on 03/01/2008, -0/+9Dugg up for teaching me something. Thanks.
- Logistics1, on 03/01/2008, -1/+30Web Server at federalsuppliers.com
!--
- Unfortunately, Microsoft has added a clever new
- "feature" to Internet Explorer. If the text of
- an error's message is "too small", specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it's pretty tricky to find switch called
- "smart error messages". That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that's exactly what you're reading
- right now.
-->
Well... there goes tonights fun. *sigh*
Oh well, back to the movie. *grabs my beer*
- lyssword, on 03/01/2008, -2/+3well pass is still zzzzzz pass fffxxx but they have taken that page down
- Cine, on 03/01/2008, -0/+2I've seen that in the source of many other domains as well. I don't think it's unique. (example: the notpr0n riddle.)
- bthug7, on 03/01/2008, -1/+2Sobering... More like BADASS!
- someone173406, on 03/01/2008, -0/+185You can't hack me, I have norton!
- coollettuce, on 03/01/2008, -1/+21I've actually heard that from someone before.
- someone173406, on 03/01/2008, -0/+9I have a friend who thinks norton can protect his computer from spyware ( I managed to convince him wrong.). Meanwhile, his laptop is still unbootable from viruses, and when it worked a year ago, it basically had every piece of spyware you could possibly get on the internet.
- Azselendor, on 03/03/2008, -0/+1the only way norton could protect anyone is if you used its bloated ass to clog a tube
- thailand1972, on 03/01/2008, -7/+1Winner! Funniest comment I've read today - you should win a trophy or something, seriously.
- Edan25, on 03/01/2008, -0/+2Ah... no.
- someone173406, on 03/01/2008, -0/+1No, thank you.
- GibitStylin, on 03/01/2008, -0/+9wow that sounds like the typical geek squad / best buy response.
- StolenLamp, on 03/01/2008, -1/+3A bash.org quote, I believe.
- poyboy, on 03/01/2008, -9/+2Okay everyone, it's time for a family friendly activity: Google Bombing! (I'm aware it's not as effective as it used to be with google, but it works just fine for other engines :p)
So, paste this html tag everywhere and anywhere in comment sections/forums of popular websites:
*heinous scam (remove the *s)
Enjoy!
- poyboy, on 03/01/2008, -5/+3html tags didn't go through, just put "heinous scam" as the anchor text to http://www.federalsuppliers.com/ .
If you can't figure that out you probably aren't mature enough to participate. (?)
- LexisNexis, on 03/01/2008, -0/+1Yeah because that's real mature...
- DestroyFascism, on 03/01/2008, -1/+22MM Just like the old Windows CD's. Look in system32 and there it is, the cd key....but you hacker you! (Makes me wonder if it was deliberate)
- bluehavana, on 03/01/2008, -4/+12I think Mensa also pulls this scam.
- greeniemeani, on 03/01/2008, -8/+4They should use something infinitely more secure like "Password Pro":
http://javascript.internet.com/passwords/password- ...
lulz!!!!
- Voyagerfan5761, on 03/01/2008, -4/+0Still not secure. Anybody worth their salt in JavaScript (or any similarly structured language, really) will figure that one out, too. In short order.
- greeniemeani, on 03/01/2008, -2/+5I thought the lulz at the end kind of made it clear that I was kidding....
- Biasutti, on 03/01/2008, -12/+1I'm just learning javaScript and even i would know not to do this. They should of linked to the script right? Anyways funny stuff it reminded me i have an assignment to finish hehe.
- geobay, on 03/01/2008, -0/+8Even if they linked to the script in a separate file, it is still publicly viewable and not appropriate for securing information.
Javascript has its place and this is not it.
- Biasutti, on 03/01/2008, -1/+4ah i see ok thanks. I have much to learn
- Inverno, on 03/01/2008, -0/+1Geobay's right. SQL/php your passwords with md5. Each user should have a unique id and password, and it should be presented in such a way that the server and anyone watching the traffic can not know the plaintext value.
- Voyagerfan5761, on 03/01/2008, -0/+0indeed, JS is for effects and usability (like the jQuery Digg uses), not security. It can be used to help a server-side database, but not as a stand-alone solution. Obviously.
- elijahsnw, on 03/01/2008, -1/+4Nevermind that.....should HAVE, not should of.... it's people like you that pave the road from normal guy to grammar nazi... I don't know why mistakes like that infuriate me so much.. it's not even really a grammar mistake.. not really a spelling mistake.. It's just plain wrong and it makes you look stupid and me anal... urgh
- sabach, on 03/01/2008, -0/+2What makes you look anal AND stupid is the fact that you're ragging on the wrong guy about it.
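What geobay and Voyagerfan5761 describe in this thread, as an added example that is not part of the original comments or the site's code: the login is decided on the server (Node.js), and the protected page is served only to a valid session. The account, password and function names are made up for illustration, and scrypt is used here in place of the MD5 mentioned above.

```javascript
// Added example, not the site's code: the login decision is made on the
// server, and the protected page is only served to a valid session.
const crypto = require('node:crypto');

const SESSION_TTL_MS = 15 * 60 * 1000;

// Store a per-user random salt and a scrypt hash, never the password itself.
function makeUserRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed sample account; a real store would be a database table.
const users = new Map([
  ['agent', makeUserRecord('correct horse battery staple')],
]);

// Hashed for unknown usernames too, so both failure paths do the same work.
const DUMMY_RECORD = makeUserRecord(crypto.randomBytes(16).toString('hex'));

function verifyLogin(username, password) {
  const record = users.get(username) || DUMMY_RECORD;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  const hashMatches = crypto.timingSafeEqual(candidate, record.hash);
  return users.has(username) && hashMatches;
}

const sessions = new Map(); // token -> { username, expires }

// Returns an unguessable session token, or null with no hint about
// whether the username or the password was wrong.
function login(username, password) {
  if (!verifyLogin(username, password)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, { username, expires: Date.now() + SESSION_TTL_MS });
  return token;
}

// The script quoted on this page only redirected the browser to a fixed URL,
// so the target page was reachable by anyone who knew the address. Here
// every request for the page is checked against the session store.
function serveAgentsPage(token) {
  const session = sessions.get(token);
  if (!session || session.expires < Date.now()) {
    sessions.delete(token);
    return { status: 401, body: 'Login required' };
  }
  return { status: 200, body: `Agent area for ${session.username}` };
}
```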
- RichStevenson, on 03/01/2008, -2/+14Didn't go thru all the results but there's another site on the first page using the same code to protect their site. lol
http://www.google.com/search?source=ig&hl=en&rlz=& ...
- daveheinzel, on 03/01/2008, -0/+2Ha - awesome. That led me to this page:
http://www.htmlfreecodes.com/Put%20password%20on%2 ...
From the page: "This Code is a very nice sample of how to put password on your website." That's exactly what it does - it puts the password on your web page. Right on there for everyone to see (in the source code). Which is usually the desired result.
- jftitan, on 03/01/2008, -4/+3Damn I tried to submit my company.... and they wouldn't accept me... Something about my Decision makers... Bobs YourUncle, Richard Wacker, Dick Cheese. what the refusal to accept my submission because my three decision makers are not white? Well I did say I was referred... by YourStupidity.
- TeagueSterling, on 03/01/2008, -0/+2I hope you're not implying they were checking the HTTP Referrer. That would be giving them WAY too much credit.
- adrames, on 03/01/2008, -0/+6I love their redundant support form too:
http://www.federalsuppliers.com/form.html
- techmaster, on 03/01/2008, -0/+8While you're picking the site apart, how about "Federal R" and "Egulations" in the top menu? And I love how the login form has a RESET button. On a form with two fields!? I'm so damn lazy that clearing two fields is too much of a chore, I would rather be able to click a single button to clear them? What is this, 1994?
- Archer007, on 03/01/2008, -0/+1Holy crap at least line up the form fields!
- qhor, on 03/01/2008, -1/+37http://www.bash.org/?117002
- Voyagerfan5761, on 03/01/2008, -9/+1Er...?
- neopherine, on 03/01/2008, -8/+2
10 Basic Linux Security Tips to Implement
http://www.linuxhaxor.net/2007/11/21/10-basic-linu ...
- qhor, on 03/01/2008, -0/+7I don't see anything in there about not putting your passwords in the HTML source of a page. This addition would be an excellent Item #11.
- Quicksilver4648, on 03/01/2008, -2/+3Lol, this is so funny. I just checked and the username and password are the same from earlier. Too bad the page has been taken down.
- kcapxis, on 03/01/2008, -0/+49I remember back when I was going to Texas Tech University they had a system called TOPIC that the English department used to accept and grade papers. Once you logged in you could modify the URL, which contained your UserID, with other IDs. If you tried enough times you would land on the ID of one of the professors, and thus could read anybody's work and change anybody's grades, even your own. Last I heard they were still using it, and were even selling it to other colleges like the U of Wyoming. If I'm not mistaken they still use it today.
I tried to tell them about it, but they literally called me a terrorist for discovering and bringing it to their attention. Guess letting the cat out of the bag on Digg won't hurt now, eh?
"Hacking" is fun.
- Voyagerfan5761, on 03/01/2008, -1/+21It's altogether too common for the whistle-blowers of the tech world to be punished for reporting a serious problem... And the problems often remain unfixed!
- bxblox, on 03/01/2008, -0/+14My cs department had something like this as well. Also, If you threw in a couple of special characters into the url it would kill the server so no assignments could be collected until someone reset it (no one bothered to fix the actual problem).
- prgmctan, on 03/01/2008, -0/+3I guess someone will have to teach them a lesson then
- emurphy42, on 03/01/2008, -0/+2This is begging for someone to hack in and give entire classes of students an A. Or an F. Okay, let's split the difference and say a C. Sadly, while it would probably escalate to someone who would make heads roll until it got fixed, that someone still wouldn't be guaranteed to have the tech savvy to distinguish a real fix from an "oh yeah, boss, we fixed it all right, we got this here expert that says so!".
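The flaw kcapxis describes (identity taken from a UserID in the URL), next to a server-side check and a simple audit of refused requests, as an added example that is not part of the original comments and not TOPIC's code. The parameter name, ids, tokens and function names are all assumptions.

```javascript
// Added example with constructed data; "UserID" as the query parameter name
// and all routes, tokens and ids below are assumptions.
const BASE = 'http://topic.example.invalid'; // placeholder origin for parsing

const accounts = new Map([
  [101, { role: 'student' }],
  [102, { role: 'student' }],
  [900, { role: 'instructor' }],
]);
const grades = new Map([[101, 'B'], [102, 'C']]);
// Server-side session store: token -> account id fixed at login.
const sessions = new Map([['tok-s101', 101], ['tok-i900', 900]]);

function urlUserId(url) {
  return Number(new URL(url, BASE).searchParams.get('UserID'));
}

// Flawed pattern from the comment: the URL says who you are.
function setGradeFlawed(url, studentId, grade) {
  const actor = accounts.get(urlUserId(url)); // caller-controlled identity
  if (!actor || actor.role !== 'instructor') return { status: 403 };
  grades.set(studentId, grade);
  return { status: 200 };
}

const denials = []; // audit trail read by enumerationSuspects()

// Hardened: identity comes from the session; the URL value is only a claim
// that must agree with it.
function setGradeChecked(token, url, studentId, grade) {
  const actorId = sessions.get(token);
  if (actorId === undefined) return { status: 401 };
  const claimedId = urlUserId(url);
  const actor = accounts.get(actorId);
  if (claimedId !== actorId || actor.role !== 'instructor') {
    denials.push({ actorId, claimedId });
    return { status: 403 };
  }
  if (!grades.has(studentId)) return { status: 404 };
  grades.set(studentId, grade);
  return { status: 200 };
}

// Detection: accounts that were refused while claiming several different
// ids, which is what walking the UserID value looks like in the audit trail.
function enumerationSuspects(minDistinctIds) {
  const seen = new Map(); // actorId -> Set of claimed ids
  for (const { actorId, claimedId } of denials) {
    if (claimedId === actorId) continue;
    if (!seen.has(actorId)) seen.set(actorId, new Set());
    seen.get(actorId).add(claimedId);
  }
  return [...seen]
    .filter(([, ids]) => ids.size >= minDistinctIds)
    .map(([id]) => id);
}
```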
- tritiumpie, on 03/01/2008, -2/+35Looks like this douche has been "providing this service" to unsuspecting people since '97. If any of you care to say "howdy":
- tritiumpie, on 03/01/2008, -0/+19looks like ol Jim registered *****...
--> EDIT: Before any of you flip out about privacy bs, this is all available via netsol.com's WHOIS lookup
- BigBallistix, on 03/01/2008, -0/+41996 according to the password he used "gov1996"
- Assad, on 03/01/2008, -0/+4I dare you to go to his registrar's page and try to login with the same username and password he used in the javascript
- reflex768, on 03/01/2008, -0/+58>>>"FSG Rep: Wait-wait-wait... clients? You called our clients? How did you--"
Telling. A rep for a good company, which supplies a good service for their clients, smiles when they hear their target customer has spoken to their clients. A scammer is horrified, as this one clearly was.
- Elliuotatar, on 03/01/2008, -0/+2This guy is probably ***** himself right now. He probably scammed hundreds of companies out of their money and that page with the list just hasn't been updated in forever. And he probably has no idea that it's easy to track that website right back to him.
- AndreiOttawa, on 03/01/2008, -1/+42***
thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government
and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government workand also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.
****
Was that a joke?
- purzzzell, on 03/01/2008, -0/+2can't tell.
- Azselendor, on 03/03/2008, -0/+1If they put that infront of any computer security expert, within five minutes they'll be laughed out of the building
- crumbler, on 03/01/2008, -0/+6ray@delcowire.com is on the fax....delcowire.com seems to be somewhat legit..It's unbelievable this guy used his work email to run this scam.
- crumbler, on 03/01/2008, -0/+1Perhaps, I should have not posted....
-- div class="copywrite">
-- CABLE CAPABILITY YOU CAN DEPEND ON
-- Copyright Delco Wire and Cable Limited 2008
-- /div>
Left brackets removed so it will show
- demigod, on 03/01/2008, -0/+5Menus, More Menus, INFOBAR!!!
- Jalh, on 03/01/2008, -0/+1i love the "if" statement
- chousho, on 03/02/2008, -0/+1I'm more taken with the "while" statement, but that's neither here nor there.
- kd1s, on 03/01/2008, -0/+13Oh I get these calls all the time. The latest was for zipweb. I immediately tell them that unless they're giving ME cash they can go pound sand.
- thailand1972, on 03/01/2008, -0/+11So that's why I couldn't login - I didn't have javascript enabled.
- hadak, on 03/01/2008, -3/+3I just lol'd.
- say592, on 03/01/2008, -2/+10Ahh yes. I love the general public's perception of hacking.
Obviously he didn't "hack" anything, he viewed the source, but it sure scared that lady! lol
- CoryDambach, on 03/03/2008, -0/+1 Bury Me!
- techmaster, on 03/01/2008, -1/+36"Federal Suppliers Guide is a small business that places other small businesses, across the United States, in front of federal purchasing agents for government work. Using our directory
We are the oldest and largest publishing company in this industry!"
So which one is it!? Are you a small business, or the largest publishing company in the industry?
- ArandiaT, on 03/01/2008, -0/+6Well, they don't have to be exclusive....
The market for scammers as dumb as this one is pretty limited
- purzzzell, on 03/01/2008, -0/+3nice find.
- chousho, on 03/02/2008, -0/+1Clearly they're the largest small business publishing company in the industry ;D
- Azselendor, on 03/03/2008, -0/+1Like Reno Nevada is the biggest little city in the world
- vibrokatana, on 03/01/2008, -1/+24This reminds me of the quizzes we have in a rather lame computer class that grades everything via javascript before submitting it. All the answers are stored in hex, which is easy as hell to decipher if you know what the heck you are doing. I figure when I get my final grade I will email him the exploit via an anonymous email and see what his reaction is.
- lyssword, on 03/01/2008, -0/+2At least they got decent CSS rollover buttons :D
- nullr3, on 03/01/2008, -1/+4I don't know who are the bigger n00bs the scammers or the people who actually fell for it
- purzzzell, on 03/01/2008, -1/+1don't blame the victim in this one - people who run businesses know their business, they don't know things like advertising, bookkeeping, etc (assuming these are not their business) -they're also NOT in the business of scamming and don't know how to identify one.
I mean - do you want a roofer to know how to put your roof on, or spend all his time researching whether the newest advertiser sending him a mailing is a scam.