Interesting... Hilton is letting Google crawl some files they shouldn't

Discussion in 'Hilton | HHonors' started by gconnery, Mar 12, 2014.

  1. gconnery

    gconnery Silver Member

    I was just googling around with Hilton and a particular Nxxx number I happen to know, looking for others, and I found some .xls files on Hilton's internal site that list corporate numbers. Of course you can't click through since you have to be logged in (if you're not Google's crawler anyway) but Google will happily summarize a couple of lines of the file for you... If you're smart you can figure out how to advance through the file line by line...
     
  2. Sammich

    Sammich Gold Member

    The SRP Program table?

    Looks like Hilton's IT team needs to fix up their robots.txt file...
     
    gconnery likes this.
  3. KENNECTED
    Original Member

    KENNECTED Silver Member

    In English, non-tech terms, what does this mean?
     
    gconnery likes this.
  4. viguera
    Original Member

    viguera Gold Member

    Looks like Hilton's IT team should learn what should and shouldn't be facing the internet :)

    If they have the same servers doing internet / intranet duties, then someone needs to get fired.
     
    gconnery and Sammich like this.
  5. Sammich

    Sammich Gold Member

    That too :p
     
    gconnery likes this.
  6. gconnery

    gconnery Silver Member

    That would be a yes.

    N9630083 / 0560020636 Mid American Energy Holdings Company
     
    Sammich likes this.
  7. Philphactor
    Original Member

    Philphactor Silver Member

    Might that explain why the corporate codes I have been using for almost a decade are no longer valid? :mad:
     
  8. gconnery

    gconnery Silver Member

    Unlikely? If you're talking about the MVP codes that are getting harder to use, I actually can't get those using this method. And they've been widely known for ages.

    Plus all the ones I tried still work.

    You understand that these deals are renegotiated each year, right? If the company whose code you were using switched hotel chains it might stop working. Or moved. These codes are generally location specific.

    Don't be one of those guys.
     
  9. gconnery

    gconnery Silver Member

  10. WilliamQ

    WilliamQ Gold Member

    Just a cautionary note.
    Some codes require identification to be presented and some do not qualify for points or stay credits.
    Stay cheap but stay safe!
     
    gconnery likes this.
  11. gconnery

    gconnery Silver Member

    Yeah, I'm not using any of this. I just saw a post somebody else put up about the PR13CB rate and thought I'd try the same trick and see what it turned up. In this case I could actually click on the cached version of the document and look at it. Hilton just isn't doing a very good job of putting these things behind the firewall.
     
    WilliamQ likes this.
  12. Sammich

    Sammich Gold Member

    Most likely outsourced their IT/website team to a third party company but they do the content updates themselves. (Non-technical users)
     
    WilliamQ likes this.
  13. WilliamQ

    WilliamQ Gold Member

    Hilton has a huge site, especially if you consider all the booking engine underneath that spans through their various brands.
    Would they not keep it in house for faster and better response, control etc?
     
    Sammich likes this.
  14. Sammich

    Sammich Gold Member

    Costs and Time. You'd be surprised how many large financial institutions, e.g. HSBC, TD (Canada), BoA, outsource their IT team to a third party. It's just much easier to do it this way than spend time hiring qualifying individuals then specify project objectives.

    Downside is definitely lack of response and control, seen most infamously with the initial launch of Obamacare's site as well as Maryland (?)'s internal healthcare system. (Which fired x company and ended up hiring Deloitte)

    But most businesses and organizations claim that Costs outweigh the benefits of response and control.
     
    WilliamQ likes this.
  15. gconnery

    gconnery Silver Member

    And... it's gone. They finally noticed I guess.
     
    Sammich likes this.
  16. Sammich

    Sammich Gold Member

    Someone got fired :p
     
    WilliamQ likes this.
  17. WilliamQ

    WilliamQ Gold Member

    Hope not unless it was an (outsourced) company who promised efficiency, security, redundancy, scalability etc.
    In this case, only "codes" were "leaked" and not customer information.
    I doubt if any of these codes were BIG secrets and also, folks have always been known to use codes "illegally" anyway. :p
     
  18. WilliamQ

    WilliamQ Gold Member

    To add on, the Internet is a huge double-edged sword. While it provides great visibility for a company if used correctly, it could also be a huge liability.

    If you build a company in the real world, leaving a door open (unlocked) does not give anyone the right to intrude in. If you had secured all the ground floor windows and doors, leaving a window open in the 33rd storey does not seem to be quite a risk.

    Now, if you build a virtual company (online portal), if you do not close every door or window, it is your fault if Google or Bing sends in their "bot armies" and starts sifting through the rooms and cabinets and whatnots and then show it to the world. In fact, if a thief comes in through the sewage pipes (real world) or OS bug (online), it's likely not as bad for the real world than the online breach.

    Such a different concept.
     
  19. gconnery

    gconnery Silver Member

    I think you're overdoing it a little. I mean I don't create web sites or operate a server of any kind but even *I* have heard about the robots.txt file:

    http://www.robotstxt.org/robotstxt.html

    Seriously. A text file containing two lines telling all crawlers to keep out? How hard is that?
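
An added example, not part of the original posts: a small audit of what the two-line robots.txt mentioned above covers compared with a partial one, using Python's standard `urllib.robotparser`. The file contents, paths and crawler list are constructed for illustration and are not Hilton's.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample: protects /private/ but forgets the directory where
# spreadsheets are actually published (all paths here are hypothetical).
PARTIAL = """\
User-agent: *
Disallow: /private/
"""

# The two-line "all crawlers keep out" file described in the post.
KEEP_OUT = """\
User-agent: *
Disallow: /
"""

# Hypothetical paths a site owner would not want summarised in search results.
SENSITIVE = ["/private/rates.xls", "/docs/internal/corporate-accounts.xls"]
CRAWLERS = ["Googlebot", "bingbot"]


def crawlable(robots_txt, paths=SENSITIVE, agents=CRAWLERS):
    """Return sorted (agent, path) pairs a compliant crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return sorted(
        (agent, path)
        for agent in agents
        for path in paths
        if parser.can_fetch(agent, path)
    )


if __name__ == "__main__":
    for name, text in [("partial", PARTIAL), ("keep-out", KEEP_OUT), ("empty", "")]:
        exposed = crawlable(text)
        print(f"{name}: {len(exposed)} crawlable sensitive path(s)")
        for agent, path in exposed:
            print(f"  {agent} may fetch {path}")
```

robots.txt is only honoured by well-behaved crawlers and is itself publicly readable, so files like these still need to sit behind a login that makes no exception for crawler user agents.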
     
  20. Sammich

    Sammich Gold Member

    I understand if a company wants to put corporate info and their public website on the same server. But yes robots.txt is not excusable. It's a basic concept in every web design.

    On a side note...it took 17 hours for Yahoo Mail to patch a vulnerability revealed yesterday....
     
  21. gconnery

    gconnery Silver Member

    Yeah, I was a little pissed about Yahoo for a while on Tuesday? too, but then I read the really decent coverage of HeartBleed on the WashingtonPost that revealed a number of things I hadn't known. For example, the early reporting suggested that Google and Facebook for example weren't affected but in fact they were but got an early heads up, which Yahoo didn't. So they managed to patch their servers before the issue went public. I think a few others also got an early heads up the previous week--CloudFlare, Akamai. A few others I think.
    Some really nice reporting. Convinced me to donate some money to the OpenSSL effort too.
     
    WilliamQ likes this.
