Caution Action Village Users

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Lohman446
    Useful posts: 7
    • Jun 2003
    • 9315
    #1

    Caution Action Village Users

    Make sure, when following a link, to not get too far into your account. I followed a link this morning, got into shopping, and filling out info. When other people went behind me to the same link my information remained there - address, phone number, etc. Apparently it held the information from my AV account. Kinda strange. AV is going to have to review there security, as it left all my info basically there for anyone following the link after me.

    Big props to Arstron for catching it and phantomhitman and Skoad for helping me deal with it.
    Last edited by Lohman446; 12-01-2005, 09:20 AM.
    "Unless someone like you cares a whole awful lot, nothing is going to get better. Its not" - Dr Suess
    Tags: None
    • phantomhitman
      ao's official bad guy
      • Oct 2003
      • 1841
      #2
      that really sucks. i hope they do fix this, because people link to them all the time. I guess that link is just temporary for each user that visits, so if you start handing out that same link to everyone else it assumes you are the same computer. That is my only way of thinking on this werid issue.
      my feedback
      countdown on devilmag day........ill let you now

        Comment

        • Arstron
          fusionowners.org

          • Mar 2005
          • 2347
          #3
          I cant even imagine why they would create their shopping cart that way, its true that cookies have their disadvantages, but they are much more secure then the way AV is handeling things...

            Comment

            • webmstrk9
              Registered User
              • Sep 2004
              • 268
              #4
              The link that was provided by Skoad in the price drop thread has the SID, so everyone clicking on the link and would be using that SID, so when you added to the cart, it added it to that SID and not an unique SID that you would have created if you were to just browse the site directly.

              Gloss Black X-Mag | Matte Black ND FreeStyle | PPS PGP Stroker | CCM SV Pump

                Comment

                • joeschmo
                  #5
                  cant you just log out when youre done shopping, and not provide links to stuff in the forum while logged into to your account?

                  I want to know cause I have an AV account, and I dont want to use it from anywhere but my home computer if that is true.

                  thats a bummer.

                    Comment

                    • Lohman446
                      Useful posts: 7
                      • Jun 2003
                      • 9315
                      #6
                      Originally posted by joeschmo
                      cant you just log out when youre done shopping, and not provide links to stuff in the forum while logged into to your account?

                      I want to know cause I have an AV account, and I dont want to use it from anywhere but my home computer if that is true.

                      thats a bummer.
                      The link in question now links someone elses account...
                      "Unless someone like you cares a whole awful lot, nothing is going to get better. Its not" - Dr Suess

                        Comment

                        • Arstron
                          fusionowners.org

                          • Mar 2005
                          • 2347
                          #7
                          Originally posted by webmstrk9
                          The link that was provided by Skoad in the price drop thread has the SID, so everyone clicking on the link and would be using that SID, so when you added to the cart, it added it to that SID and not an unique SID that you would have created if you were to just browse the site directly.
                          since somone elses account is on their, it shows that the SID isnt listed in the link, I dont know how it is doing this...

                            Comment

                            • Lohman446
                              Useful posts: 7
                              • Jun 2003
                              • 9315
                              #8
                              Originally posted by Arstron
                              since somone elses account is on their, it shows that the SID isnt listed in the link, I dont know how it is doing this...
                              Its a screwed up deal and AV needs to fix it. It is highly unlikely that someone ordering from a company someone else has previously ordered from flags a credit card fraud issue - though obvioulsy I don't know what flags those exactly.
                              "Unless someone like you cares a whole awful lot, nothing is going to get better. Its not" - Dr Suess

                                Comment

                                • Arstron
                                  fusionowners.org

                                  • Mar 2005
                                  • 2347
                                  #9
                                  LUCKILY, they still require you to enter your credit card information before you order. Thats the only good news though.

                                    Comment

                                    Previous template Next
                                    Working...