October 2007

Bad Flaw in Local Online Advertising Company

I was alerted to a very, very bad flaw when I was blog hopping around. It seems that a local online advertising company (Local ADCO) has been exposed by a blogger. Of all the bugs in a production system, this is the first time I have come across this one.

Local ADCO is a company that advertises on blogs. There are publishers/bloggers and advertisers, where the publishers place a certain piece of code on their blog/website to show the advertisers' ads. Of course, if you are familiar with online advertising, the publisher earns a certain amount of money and the advertisers gain traffic to their website. Both parties win.

Now, this particular blogger was doing his usual stuff: he logged in to his account and checked his stats. I joined Local ADCO at the beginning of their start-up, so I do know what he is talking about in his blog. There is a particular stats field in the system that shows you what keywords people have been searching for to reach your blog. The search keywords here are not very useful at all. It has only the last 5 searched keywords, which isn’t enough in my opinion. In his keyword stats, the blogger saw that there was a link that came from the administrative side of Local ADCO.

Out of curiosity he clicked on the link, expecting to be prompted for a user name and password. He got a shock: not only did he not need to enter any password, the link took him straight to the administrative dashboard. For someone who doesn’t work for Local ADCO to be able to access the administrative account is a serious flaw. I thought over and over about how he could access it so easily. Anyway, he clicked on all the available tabs in the administrator account.

There was another surprise for him. On one page, he saw a list of bloggers and their earnings from placing the code. He could see how much he had earned for a particular period, for a particular advertiser. In fact, he could see everyone’s earnings all together there. About the earnings, he did mention that some bloggers with a lower ranking have earnings higher than his, in the mid range of 3 digits. When I saw the pictures, I couldn’t believe it either. Yes, there were snapshots captured by him and pasted all over his blog. Even one quite famous blogger who has a higher ranking and band has low earnings too. The band here has something to do with the earnings. In the picture, there were quite a few with band 0 earning more than 3 digits, whereas those with a higher band have just about 2-digit earnings. It seems like something is wrong with their distribution of the advertisers’ money.

I just can’t believe that Local ADCO has such a serious security flaw. Luckily for them, the blogger didn’t do anything in the administrator panel. By the way, the blogger mentioned here has deleted his post. It seems that he was threatened by the founder of Local ADCO that he would be sued if he didn’t remove his post. I wonder how many people have read his post. Rather than threatening people, they should just concentrate on fixing their messed-up problem. They have yet to launch their latest version, which they promised would be out in October.

NN
