316 Comments
- techweenie1, on 03/01/2008, -1/+502 You're not supposed to look at the page source you HACKER!!!!
- lukedinan, on 03/01/2008, -1/+215 that's like hiding your key in the lock
- inactive, on 03/01/2008, -0/+188 You can't hack me, I have norton!
- rynTAU, on 03/01/2008, -0/+175 check out the comments on that site, at the bottom.. "thank you hackers for trying to destroy federal suppliers guides reputation. have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions."... haha
- grodrigu, on 03/01/2008, -10/+173 I wish hacking was always this easy.
- JeremyO, on 03/01/2008, -1/+153 they probably changed username and password after that episode ... anyway they are:
if (form.id.value=="Agent") | if (form.pass.value=="fsg2008")
This is just awesome
- ha1f, on 03/01/2008, -5/+123 How is this sobering? The programmer for this site was/is obviously a ***** retard.
- thenativeraver, on 03/01/2008, -0/+115 Even though they took everything down, google sees all.
http://www.google.com/search?q=+site:federalsuppli ...
- Phatt138, on 03/01/2008, -0/+100 Your neighbor's 11 yr old whizkid would never make this kind of mistake.
- inactive, on 03/01/2008, -3/+91 This is what happens when you don't realize internet is serious business. Don't let your neighbor's 11 yr old whizkid maintain your website. Get a professional.
- afx1, on 03/01/2008, -2/+88 now it's if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") { as of this posting but the resulting page is 404
to think i wasted all that time hacking it for a 404
- tthatfreak, on 03/01/2008, -1/+76 Who wouldn't invest in a company that uses this animated gif on their site?
http://www.federalsuppliers.com/images/money.gif
I use the word "animated" very loosely.
- condormcs, on 03/01/2008, -0/+71 you hacked our site!? You can't do that! It's SECURE!
- atdigg, on 03/01/2008, -9/+78 Hmm, maybe that's why you SHOULD outsource your programming jobs to India... I doubt a well schooled Indian would make such a mistake.
- jj101, on 03/01/2008, -1/+65 That comment from the guy who claims to work there is hysterical!
- chowmeined, on 03/01/2008, -0/+63 They should upgrade to ROT26.
- Birks, on 03/01/2008, -0/+63 I love the post from the guy saying that the website is ruining his business... maybe he has been making a living at it for 10 years, but that doesn't make it any less of a scam.
- derekivey, on 03/01/2008, -0/+62 LOL!
"sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better."
- reflex768, on 03/01/2008, -0/+58 >>>"FSG Rep: Wait-wait-wait... clients? You called our clients? How did you--"
Telling. A rep for a good company, which supplies a good service for their clients, smiles when they hear their target customer has spoken to their clients. A scammer is horrified, as this one clearly was.
- Zarokima, on 03/01/2008, -1/+57 Why does an African have a UK email?
- grangeryoung, on 03/01/2008, -4/+60
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="zzzzzz") {
if (form.pass.value=="fffxxx") {
location="http://officers.federalsuppliers.com/agents.html"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
I love it, can't stop laughing.
- BlackCow, on 03/01/2008, -1/+56 Ah yes invest in the ever so "expensive" MySQL.
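Added example (not code from the thread or from the site): the check performed by the posted pasuser script, moved to the server in Node.js so that neither the credentials nor the destination URL act as the secret. The account name, passphrase and function names are constructed for illustration; unlike the posted script, it returns the same failure for an unknown user and a wrong password.

```javascript
// Added example: server-side credential check with per-request authorisation.
const nodeCrypto = require('node:crypto');

// Derive a salted, deliberately slow hash. Only this record is stored;
// the password itself never appears in any file served to the browser.
function makeRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Constructed user store (hypothetical account and passphrase).
const USERS = new Map([
  ['agent-demo', makeRecord('constructed-sample-passphrase')],
]);
// Dummy record so an unknown user costs the same work as a known one.
const DUMMY = makeRecord('unused');

const sessions = new Map(); // session token -> user id

// Returns a random session token on success, null on any failure.
function login(userId, password) {
  const rec = USERS.get(userId) || DUMMY;
  const candidate = nodeCrypto.scryptSync(
    String(password), Buffer.from(rec.salt, 'hex'), 32);
  // Constant-time comparison of two equal-length digests.
  const ok = nodeCrypto.timingSafeEqual(candidate, Buffer.from(rec.hash, 'hex'));
  if (!ok || !USERS.has(userId)) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, userId);
  return token;
}

// The protected page is authorised on every request, so knowing or
// guessing its URL (or finding it in a search index) is not enough.
function handleAgentsPage(token) {
  if (!token || !sessions.has(token)) {
    return { status: 401, body: 'Login required' };
  }
  return { status: 200, body: `Agent area for ${sessions.get(token)}` };
}
```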
- inactive, on 03/01/2008, -0/+55 Your neighbour's 11 yr old Frontpage expert, on the other hand...
Stop giving wizkids a bad name.
- Akaji, on 03/01/2008, -2/+53 Crap, that means I've been a hacker for the last 10 years... I sure hope the feds don't come after me. /paranoid
- kcapxis, on 03/01/2008, -0/+49 I remember back when I was going to Texas Tech University they had a system called TOPIC that the English department used to accept and grade papers. Once you logged in you could modify the URL, which contained your UserID, with other IDs. If you tried enough times you would land on the ID of one of the professors, and thus could read anybody's work and change anybody's grades, even your own. Last I heard they were still using it, and were even selling it to other colleges like the U of Wyoming. If I'm not mistaken they still use it today.
I tried to tell them about it, but they literally called me a terrorist for discovering and bringing it to their attention. Guess letting the cat out of the bag on Digg won't hurt now, eh?
"Hacking" is fun.
- gbarberi, on 03/01/2008, -0/+47 Is there a name for this scam yet? I know it's old, but I'm not aware of any actual name for it.
Give us some money and we'll put you in this book. I've gotten a few things to my address informing me that I'm "eligible" for inclusion in some silly professional guides. A little research on the internet let me know these things were scams. College students, as well, have been targets. Although, for them, there are some legit ones.
- cyb3rdemon, on 03/01/2008, -3/+49 By the way, security through javascript is possible. You just need to use a hash, a strong password, and encrypt the url with the password.
Pseudocode:
if md5(password)=="5f4cb82cd3c31a528f449eb113d54d8f"
goto("http://website.com/admin/" + decrypt(password, "H4K72gkA4b"))
else alert("wrong password")
- Phatt138, on 03/01/2008, -1/+44 ...sobering to realize that there are that many ***** retard admins in the world...
- oolatin79, on 03/01/2008, -0/+41 or like using one of those school combination locks and leaving the combo sticker on the lock....
- AndreiOttawa, on 03/01/2008, -1/+42
***
thank you hackers for trying to destroy federal suppliers guides reputation. i have worked here with my wife for 10 years now and have helped hundreds of clients obtain federal government work. i have 4 children and though you don't care you are hurting the feelings of many good employees and customers by your immature actions. sorry our site wasn't protected to your standards however all of you are being reported to the appropriate authorities as we have your information too. you should of protected your info a little better. not only is the company legit we actually have held a 5 year GSA contract with the federal government
and one of my best clients just broke 500,000 dollars in federal sales directly related to the GSA contract we got them. i am proud to work here and help small businesses obtain government work and also help federal buyers locate qualified small businesses to do business with. if you not interested in government work or our services of helping small businesses navigate the federal market fine but please don't slander the company. its rude, your comments are not truthful we are not a scam and i hope someday you realize that all you have to do is check us out with dun & bradstreet or GSA or the florida local and state chambers of commerce to see that what we do is real and federal buyers do request both our hardcopy guides and the online directory as well.
****
Was that a joke?
- sethkinast, on 03/01/2008, -1/+41 Haha, the new username and password is now zzzzzz and fffxxx :D but the page itself is now offline.
- SquigglyP, on 03/01/2008, -1/+39 I wonder... is it more entertaining that this scam artist got 'hacked' so easily, or that he probably paid someone else a ***** of money to make him a 'secure' website.
- qhor, on 03/01/2008, -1/+36 http://www.bash.org/?117002
- techmaster, on 03/01/2008, -1/+36 "Federal Suppliers Guide is a small business that places other small businesses, across the United States, in front of federal purchasing agents for government work. Using our directory
We are the oldest and largest publishing company in this industry!"
So which one is it!? Are you a small business, or the largest publishing company in the industry?
- tritiumpie, on 03/01/2008, -2/+35 Looks like this douche has been "providing this service" to unsuspecting people since '97. If any of you care to say "howdy":
- t0ny, on 03/01/2008, -1/+32 I got in trouble for doing just that in high school and they even called my mom and told her I was hacking google.com.
- thenativeraver, on 03/01/2008, -2/+33 It looks like they took the page down
http://officers.federalsuppliers.com/agents.html
- passedoutghost, on 03/01/2008, -0/+30 I just realised I could make the money stop flowing if I hit the "esc" key in firefox. :O
- udflyers, on 03/01/2008, -0/+29 I think they call it "vanity publishing". It's not illegal, just misleading. The "Who's Who" books and Yellow Pages web sites are two similar scams to this one.
- Logistics1, on 03/01/2008, -1/+30 Web Server at federalsuppliers.com
<!--
- Unfortunately, Microsoft has added a clever new
- "feature" to Internet Explorer. If the text of
- an error's message is "too small", specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it's pretty tricky to find switch called
- "smart error messages". That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that's exactly what you're reading
- right now.
-->
Well... there goes tonight's fun. *sigh*
Oh well, back to the movie. *grabs my beer*
- KloroFormd, on 03/01/2008, -2/+31 I can't stop laughing after I heard you caught herpes from your cousin.
- FatLoser, on 03/01/2008, -3/+31 i stopped laughing after I found out I caught herpes from my cousin
- KibibyteBrain, on 03/01/2008, -0/+28 Just make sure you do it over SSL to prevent man-in-the-middle interception of the decrypted url.
- blckt, on 03/01/2008, -0/+27 More like this is why you shouldn't outsource your programming jobs to Mississippi.
- techmaster, on 03/01/2008, -5/+31 Buried as inaccurate... If it was really posted by an African, every other word would be "click"
- AndreiOttawa, on 03/01/2008, -0/+25 WTF was that?
- Akaji, on 03/01/2008, -1/+25 Yeah, but 10 minutes isn't worth a lot of money.
- wrillo, on 03/01/2008, -0/+24 It's funny because they really have no ***** idea!
- n0xin, on 03/01/2008, -1/+24 Does anyone remember howtohack.com from the late 90's? Its first level was doing exactly this.
- vibrokatana, on 03/01/2008, -1/+24 This reminds me of the quizzes we have in a rather lame computer class that grades everything via javascript before submitting it. All the answers are stored in hex, which is easy as hell to decipher if you know what the heck you are doing. I figure when I get my final grade I will email him the exploit via an anonymous email and see what his reaction is.