
Topic: Hacker Double-Spends...On A Starbucks Card! (Read 847 times)

G2M
sr. member
Activity: 280
Merit: 250
Activity: 616

Truly an idiot. Being an egghead does not place you above the law.

He's probably the only person that would bother to "exploit" a Starbucks card for $1.70...
Maybe he should break into his neighbor's house and "penetration test" his pooch.


Nah, likely the source of hate came from employees knowingly exploiting this.

Getting the news to place any sort of blame on the guy that called them out would be a way to slide the above thought.
full member
Activity: 184
Merit: 100
It's normally good practice for security researchers to alert the company with the vulnerable system before going public. If he'd done that their attitude might have been different.
legendary
Activity: 924
Merit: 1000
funny but not surprising.. I bet he cloned the card then used it maybe hmmm ?
not sure how this is related to Altcoins but it's interesting news though Smiley

I posted it to show a contrast - and to show that centralized systems are not immune to double spends, regardless of what we might think.

Here's the contrast: Double-spend a ---coin? You wreck it, send it to the zombie pages of Coinmarketcap, get congratulated in this forum. Double-spend a corporate e-card? Get threatened with legal action.

I wonder if that ethical hacker picked up some of his tricks in these parts. Had he done it to an altcoin, in exactly the way that he did it "to" Starbucks, he would have gotten a nice bounty and profuse thanks from the dev(s). He certainly wouldn't have been threatened with legal action!
tss
hero member
Activity: 742
Merit: 500
Poor guy... he'll never see the light of day.

and yet "you" are still out there...
vip
Activity: 308
Merit: 250
Poor guy... he'll never see the light of day.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
funny but not surprising.. I bet he cloned the card then used it maybe hmmm ?
not sure how this is related to Altcoins but it's interesting news though Smiley
legendary
Activity: 1588
Merit: 1000

Truly an idiot. Being an egghead does not place you above the law.

He's probably the only person that would bother to "exploit" a Starbucks card for $1.70...
Maybe he should break into his neighbor's house and "penetration test" his pooch.
legendary
Activity: 1946
Merit: 1007
Did he only disclose it to Starbucks and give them a chance to fix it before he went public with it? Otherwise I don't think he was being smart..
full member
Activity: 209
Merit: 250
And here's the reception he got:

Quote from: Dan Goodin
Researcher who exploits bug in Starbucks gift cards gets rebuke, not love

Plenty of poor manners to go around in fraudulent $1.70 purchase.


A security researcher said he found a way to game Starbucks gift cards to generate unlimited amounts of money on them. Both he and the coffee chain are grumbling after he used a fraudulent card to make a purchase, then repaid the amount and reported the vulnerability.

Egor Homakov of the Sakurity security consultancy found a weakness known as a race condition in the section of the Starbucks website responsible for checking balances and transferring money to gift cards. To test if an exploit would work in the real world, the researcher bought three $5 cards. After a fair amount of experimentation, he managed to transfer the $5 balance from card A to card B, not just once as one would expect, but twice. As a result, Homakov now had a total balance of $20, a net—and fraudulent—gain of $5.

The researcher went on to visit a downtown San Francisco Starbucks location to make sure his attack would actually work. He used the two cards to make a $16.70 cent purchase. He went on to deposit an additional $10 from his credit card "to make sure the US justice system will not put us in jail over $1.70," he explained in a blog post. Here's where hurt feelings—and arguably an overreaction on the part of both parties—entered into the story. Homakov wrote:...

http://arstechnica.com/security/2015/05/researcher-who-exploits-bug-in-starbucks-gift-cards-gets-rebuke-not-love/



Looks like someone's in need of a blockchain...and some good manners.





Very sad for it  Cry
legendary
Activity: 924
Merit: 1000
And here's the reception he got:

Quote from: Dan Goodin
Researcher who exploits bug in Starbucks gift cards gets rebuke, not love

Plenty of poor manners to go around in fraudulent $1.70 purchase.


A security researcher said he found a way to game Starbucks gift cards to generate unlimited amounts of money on them. Both he and the coffee chain are grumbling after he used a fraudulent card to make a purchase, then repaid the amount and reported the vulnerability.

Egor Homakov of the Sakurity security consultancy found a weakness known as a race condition in the section of the Starbucks website responsible for checking balances and transferring money to gift cards. To test if an exploit would work in the real world, the researcher bought three $5 cards. After a fair amount of experimentation, he managed to transfer the $5 balance from card A to card B, not just once as one would expect, but twice. As a result, Homakov now had a total balance of $20, a net—and fraudulent—gain of $5.

The researcher went on to visit a downtown San Francisco Starbucks location to make sure his attack would actually work. He used the two cards to make a $16.70 cent purchase. He went on to deposit an additional $10 from his credit card "to make sure the US justice system will not put us in jail over $1.70," he explained in a blog post. Here's where hurt feelings—and arguably an overreaction on the part of both parties—entered into the story. Homakov wrote:...

http://arstechnica.com/security/2015/05/researcher-who-exploits-bug-in-starbucks-gift-cards-gets-rebuke-not-love/



Looks like someone's in need of a blockchain...and some good manners.
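
The race condition described in the quoted article, shown as an added example that is not part of the original thread and not Starbucks' code: a transfer that checks the balance and then writes from that stale read, next to one that checks and debits in a single critical section. `CardStore`, the method names and the barrier that forces the interleaving are constructed for illustration; the three $5 cards follow the article.

```python
import threading

class CardStore:
    """Constructed in-memory stand-in for a gift-card balance table."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.row_lock = threading.Lock()  # single writes are atomic, as in a DB

    def transfer_check_then_act(self, src, dst, amount, barrier):
        seen = self.balances[src]         # 1. read the source balance
        barrier.wait()                    # constructed: every request reads before any writes
        if seen < amount:
            return False
        with self.row_lock:               # 2. write using the stale value
            self.balances[src] = seen - amount
            self.balances[dst] += amount
        return True

    def transfer_atomic(self, src, dst, amount, barrier):
        barrier.wait()
        # Check and debit inside one critical section. The SQL analogue is a
        # conditional update in one transaction:
        #   UPDATE cards SET balance = balance - :amt
        #   WHERE id = :src AND balance >= :amt
        with self.row_lock:
            if self.balances[src] < amount:
                return False
            self.balances[src] -= amount
            self.balances[dst] += amount
        return True

def run_concurrent(method_name, n=2):
    """Fire n simultaneous A->B transfers of $5; return (results, balances, total)."""
    store = CardStore({"A": 5, "B": 5, "C": 5})
    barrier = threading.Barrier(n)
    results = []
    def worker():
        results.append(getattr(store, method_name)("A", "B", 5, barrier))
    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results), store.balances, sum(store.balances.values())

if __name__ == "__main__":
    print("check-then-act:", run_concurrent("transfer_check_then_act"))
    print("atomic:        ", run_concurrent("transfer_atomic"))
```

With the stale read both requests succeed and the three cards total $20 instead of $15; with the atomic version the second request is rejected and the total stays $15.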

