A hacker was able to get a free lunch from Starbucks.

A hacker who reported a security hole in Starbucks' website has criticised the company's handling of the matter. Egor Homakov found a flaw that let him duplicate funds on a gift card, which he spent in a store to test his theory. He told Starbucks so they could fix the flaw, but said that the company had then called his actions "malicious".

"The unpleasant part is a guy from Starbucks calling me with nothing like "thanks" but mentioning "fraud" and "malicious actions" instead," he wrote.

A spokeswoman for Starbucks told BBC News: "After this individual reported he was able to commit fraudulent activity against Starbucks, we put safeguards in place to prevent replication." The company did not answer questions about its response to Mr Homakov.

How did it work?

Storm in a tea cup? Mr Homakov repaid the amount he spent.

Starbucks gift cards can be registered online so customers can top up their account and transfer money between cards. Mr Homakov worked out that making two web browsers transfer money between the same cards, at the same time, sometimes duplicated the transfer and added funds to a gift card that had not been paid for. After buying some drinks and a sandwich in a store to test if the process had worked, Mr Homakov topped up the card to repay the $1.70 (£1.10) he owed to the company.

Should Starbucks be angry?

There is an ongoing debate about the ethics of bug hunting between hackers and their targets. Some people think that hackers should seek a company's permission before attempting to find holes in its software.

"I can appreciate why Starbucks was disgruntled," security expert Graham Cluley told the BBC. "It didn't want everyone digging around in its systems looking for bugs."

The chain told it already had safeguards "to constantly monitor for fraudulent activity".

"In an ideal world you'd always approach the company first, but if you're trying to identify a problem there can be a lot of dead ends.

"Starbucks should be grateful this bug was found by somebody who worked with it to fix the problem," he added.

The idea of responsible disclosure, giving companies time to fix security holes, is not new. Big technology companies like Google, Mozilla and Facebook already offer cash incentives to hackers who report bugs and help fix them, rather than publishing information online.

"Bounties are a good idea, because they encourage any researcher who stumbles across a flaw to work with you to fix it," explained Mr Cluley. "Companies like Starbucks need to wake up and smell the coffee. Criminals could have used this exploit to make a lot of money, so Mr Homakov has done it a favour."

Source: http://www.bbc.com/