Comments on: mintshot.co.nz cheating / hacks / security flaws etc.

By: Danzel

Danzel — Sat, 15 Dec 2007 03:41:17 +0000

I’m not going to add smilies support, it would require too much changes in the current framework.
Same with links2.
Post your comments in the thread that is relevant, I get automatic alerts so I will see them.

By: borgqueenx

borgqueenx — Fri, 14 Dec 2007 21:34:31 +0000

can you add smilies support to afkim danzel? i can supply you with smilies.
and is it possible to integrate the links2 browser somehow?

btw i loved the emails from CS. especially your simple response; fock off.

can you also teach me to hack:D ? just a joke, im already fair in it:p

By: Miss Prozac

Miss Prozac — Wed, 05 Dec 2007 04:40:18 +0000

Thanks for the update Mike

So, is it still possible to cheat in other ways or does it look like all the loopholes have been closed?

By: nz.mike9875

nz.mike9875 — Tue, 04 Dec 2007 09:13:28 +0000

Well they’ve fixed the bug in the submitanswer code. You can no longer fake the answer as the correct answer is now pulled from the database.
Changes to the type are now ignored (no boosting a gold to platinum for more m$)
Invalid question id’s are ignored.

Well done – Amazing what happens when some Kiwi coders get involved?

– Mike

By: Miss Prozac

Miss Prozac — Tue, 04 Dec 2007 05:36:26 +0000

Hey that’s great you heard from Nick. Funny, he hasn’t visited our site to thank us for pointing out all the communication errors LOL. Or maybe they sneak in and out of all the blogs and forums and pick up all the clues, but all they have to do is read their emails. Lots of people have written to them about the poor coding, implementation and testing!

By: Adz

Adz — Mon, 03 Dec 2007 11:13:48 +0000

hmm they really still have a long way to go!

By: Adz

Adz — Mon, 03 Dec 2007 11:12:19 +0000

‘rinkals’ been busy, at least not giving away the correct answer. I love how they pointed that out in the live version as well. Looks like the correct answer is hidden in a php file. Now, to get at that… ^^

By: Scott

Scott — Mon, 03 Dec 2007 03:33:52 +0000

Seriously, mintshot got all they deserved. I can’t stand it when sites have had 10 times more spent on the marketing budget then the coding budget. There have been alot better sites that have bitten the dust because they couldn’t get celebrity endorsements or pyrotechnics on Rangitoto.
@Pp: The only crime here was going live with such goddamn shoddy code. If it wasn’t an internal hack job in creating the site, an agency would be getting seriously roasted right now!
If I could push a parking meter button and it spat money out at me, I’d push that button a few times!

By: Danzel

Danzel — Mon, 03 Dec 2007 02:57:58 +0000

Wow finally. 🙂
No one likes public security disclosures against their product. But as Ac says above, you have been informed about this and it still isn’t fixed. The only way I can motivate you to fix it is to make it publicly known.
Enjoy.

By: Nick

Nick — Mon, 03 Dec 2007 02:19:05 +0000

Hi, Nick from Mintshot here.

Thanks for bring this security issue to our attention. We certainly don’t like security flaws being made public but the best way we are going to harden the solution is by listening to members and dealing with these issues quickly.

We are currently very focused on making mintshot s fair, fun and rewarding place to hang out.

Regards
Nick