Website security thread?

Discussion in 'American Airlines | AAdvantage' started by traveltoomuch, Mar 8, 2014.

  1. traveltoomuch

    traveltoomuch Silver Member

    Sammich, gregm, flyforawg and 2 others like this.
  2. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    I posted in that thread. That activity has disappeared from my profile page. I assume someone thought the original post had too much detail (I disagree) but it very much disappoints me that my and other contributions vanished without explanation.
     
  3. gregm

    gregm Gold Member

    I remember someone requesting that the OP remove the step-by-step instructions to 'hack' an account, but I also remember someone quoting censorship as a reason not to remove it.
     
  4. Pizzaman
    Original Member

    Pizzaman Co-founder

    Not sure, but I'm checking.
     
    traveltoomuch and gregm like this.
  5. zphelj

    zphelj Gold Member

    There is no security in obscurity. Better to post the gory details so it gets fixed.
     
    gconnery, flyforawg, uggboy and 3 others like this.
  6. uggboy
    Original Member

    uggboy Gold Member

    Well said.
     
  7. Randy Petersen
    Original Member

    Randy Petersen Founder

    FYI: Milepoint has nothing to do with the thread; apparently the member who started the thread redacted it. Here's a note from the member who started that thread. There were no complaints from Milepoint itself:

    ---------------
    I have voluntarily redacted this post, due to all the complaints... but please do go to AA.com, click on the reset password link, and see for yourself where the problem lies.
    ---------------
     
    LETTERBOY and zphelj like this.
  8. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    I didn't know that I could delete entire threads that I started, especially after several other folks have contributed to the conversation. How do I do that?
     
  9. Pizzaman
    Original Member

    Pizzaman Co-founder

    There was actually some other sensitive info that needed to be redacted before we re-opened the thread.

    That's been done now.
     
    LETTERBOY likes this.
  10. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    So since "there were no complaints from MilePoint itself", if I were to mention the same details that were in the original post in the now neutered thread, would my post be "redacted"? If so, why?
     
    traveltoomuch likes this.
  11. Pizzaman
    Original Member

    Pizzaman Co-founder

    Given that we haven't spent a ton of time thinking about this, my initial comment would be that I don't see any positive outcome from discussing the actual details of the security flaw pointed out originally. I may be convinced otherwise but it doesn't seem like a good idea as it was presented.
     
    LETTERBOY likes this.
  12. traveltoomuch

    traveltoomuch Silver Member

    Security circles have spilled countless bits debating disclosure policies. As an example, here's an article by Bruce Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea'. I tend to favor full disclosure, but there's something to be said for the OP's approach of notifying AA first and giving them time to fix things (which they apparently chose not to do) before disclosing publicly.

    I'm wondering why Milepoint's moderators are attempting to stop people from having a discussion of the actual details. As you say, you haven't spent a ton of time thinking about the merits of disclosing vulnerabilities. Some of us have. Some of us clearly would like to talk about the details. Please respect that informed choice and temper your efforts at censorship.
     
    HaveMilesWillTravel likes this.
