The Down Range Forum
Member Section => Down Range Cafe => Topic started by: mosbear on January 07, 2009, 11:39:51 AM
-
Just came across this discussion on M&P forum. If you are Sportsmansguide customer take a look:
http://mp-pistol.com/boards/index.php?showtopic=18332&st=0 (http://mp-pistol.com/boards/index.php?showtopic=18332&st=0)
-
We need to light up Sportsmans Guide with emails and get this fixed!
-
Apparently was fixed or at least disabled a couple of days ago according to the m&p thread. I just tried some lookups and no dice.
-
Apparently was fixed or at least disabled a couple of days ago according to the m&p thread. I just tried some lookups and no dice.
It is working for me..... used generic names like "Smith" and various zip codes and can find many different results.
-
Didn't work for me. Maybe they got it fixed. I'd hate to stop buying from them.
-
I tried common names like Smith and Jones and some different zip codes my city and for some of them one name and address came up. For some there were so many it wants to know which address, which I could enter from the phone book if I wanted. I tried Anderson and Williams too. Now I know the names and adresses of some complete strangers and exactly what they ordered. I clicked on the UPS tracking button and know exactly when each package was delivered too. It's scary that this information is available to anyone. People should have to sign into their own account to get any information, just like most other websites.
-
I just tried it with a friends name and got his whole order history ! :(
-
Funny.......but not really, I too did some random names and inadvertently came up with our local Deputy Chief of Police's orders! This REALLY needs to be fixed. ( Duh! ::) )
-
Funny.......but not really, I too did some random names and inadvertently came up with our local Deputy Chief of Police's orders! This REALLY needs to be fixed. ( Duh! ::) )
If you tell him about it maybe he can do something.
-
To fix this thing in the code is a peace of cake, when you are forcing the user to sign-up prior to any activity other then browsing. The problem is they don’t require permanent account to be created to make a purchase. They use "cookies" to identify the user and to keep track of the items in the basket. This could only be fixed by changing the business rules of the site, which they are not willing to do. Apparently one-off type of the transaction volume is high enough to justify their behavior. It is not a clear-cut case so; lawyers wouldn't work "pro bono" unless you are really harmed by this business practice. Creating a shit storm on the Internet could do the trick, but I am not 100% sure. ???
-
If you tell him about it maybe he can do something.
Bingo! That is the way to go
-
Looks like they require specific street address for each search now
-
Looks like they require specific street address for each search now
Yep. Now anyone who wants to steal your information will need to look up your address first.