Buy Sell Discuss UK Domain Names at AcornDomains.co.uk affiliate window

Today's Drop Dates are: 19-02-2012 or 26-02-2012   All times are GMT. The time now is 10:41:00 AM.
Domain Name Sales Domain Software Calculate UK Domain Drop Dates Domain Registration NameDrive Domain Parking Subscribe to our Domains For Sale newsletter
Go Back   Domain Forum Acorn Domains Buy Sell Auction UK Domains > Domain Parking > Sedo
Connect with Facebook

Sedo Buying, Selling, Parking Domains with Sedo - Sign up for an account

Closed Thread
 
LinkBack Thread Tools Display Modes
Old 29-08-2007, 06:32:04 PM     #21 (permalink)

 
olebean's Avatar
 
Join Date: Nov 2005
Location: Rarotonga
Posts: 2,240
olebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond repute

PM sent to Sedo!
olebean is offline  
Old 29-08-2007, 08:12:32 PM     #22 (permalink)

 
rjs_essex's Avatar
 
Join Date: Oct 2006
Location: Essex
Posts: 2,173
rjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond repute

This has always been a serious security flaw with Sedo's login system. It creates session urls that don't expire from one user / machine to another... Hence why you should never put sedo links anywhere on the net that include your session data within the url!

Lee - I have edited your original post for you - I hope anyone reading this thread (even guests) have not done anything untoward - Double check your account settings etc!

Rich
__________________
Richard - Read my blog: File under: 'Miscellaneous'...
Twitter - Follow me: Find out what I'm doing!
Phone Insurance | Pool Balls | Pool Cues
rjs_essex is offline  
Old 29-08-2007, 08:24:52 PM     #23 (permalink)

 
olebean's Avatar
 
Join Date: Nov 2005
Location: Rarotonga
Posts: 2,240
olebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond reputeolebean has a reputation beyond repute

Quote:
Originally Posted by rjs_essex View Post
This has always been a serious security flaw with Sedo's login system. It creates session urls that don't expire from one user / machine to another... Hence why you should never put sedo links anywhere on the net that include your session data within the url!

Lee - I have edited your original post for you - I hope anyone reading this thread (even guests) have not done anything untoward - Double check your account settings etc!

Rich
And change passwords!!
olebean is offline  
Old 29-08-2007, 08:52:40 PM     #24 (permalink)

 
rjs_essex's Avatar
 
Join Date: Oct 2006
Location: Essex
Posts: 2,173
rjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond repute

Quote:
Originally Posted by olebean View Post
And change passwords!!
Always a good idea but at Sedo you can't see you current password and you have to enter your old password to create a new one so no one could have changed it and even if they did you would be unable to log back in...
__________________
Richard - Read my blog: File under: 'Miscellaneous'...
Twitter - Follow me: Find out what I'm doing!
Phone Insurance | Pool Balls | Pool Cues
rjs_essex is offline  
Old 30-08-2007, 07:11:55 AM     #25 (permalink)
Sedo Staff
 
sedo's Avatar
 
Join Date: Aug 2005
Location: High Holborn, London, UK
Posts: 1,060
sedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond repute

Hi Everybody,

Thank you all for this, I'll get our tech-people on this straight away.

Shaun
sedo is offline  
Old 30-08-2007, 09:18:08 AM     #26 (permalink)
Sedo Staff
 
sedo's Avatar
 
Join Date: Aug 2005
Location: High Holborn, London, UK
Posts: 1,060
sedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond repute

Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

shaun.wilkinson@sedo.com
sedo is offline  
Old 30-08-2007, 10:56:51 AM     #27 (permalink)

 
rjs_essex's Avatar
 
Join Date: Oct 2006
Location: Essex
Posts: 2,173
rjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond reputerjs_essex has a reputation beyond repute

Quote:
Originally Posted by sedo View Post
Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

shaun.wilkinson@sedo.com
How long have they been working on this? It's been the same since I can remember... Sedo is the only major site that I know of that has this problem... its very lax security in my opinion...
__________________
Richard - Read my blog: File under: 'Miscellaneous'...
Twitter - Follow me: Find out what I'm doing!
Phone Insurance | Pool Balls | Pool Cues
rjs_essex is offline  
Old 30-08-2007, 02:12:52 PM     #28 (permalink)
Sedo Staff
 
sedo's Avatar
 
Join Date: Aug 2005
Location: High Holborn, London, UK
Posts: 1,060
sedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond reputesedo has a reputation beyond repute

My colleague in the tech department that system updates to resolve this problem should be up and running within a couple of weeks.

Regards,

Shaun

shaun.wilkinson@sedo.com
sedo is offline  
Old 30-08-2007, 02:32:30 PM     #29 (permalink)

 
aquanuke's Avatar
 
Join Date: May 2005
Location: Surrey
Posts: 1,993
aquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond reputeaquanuke has a reputation beyond repute

Quote:
Originally Posted by sedo View Post
My colleague in the tech department that system updates to resolve this problem should be up and running within a couple of weeks.

Regards,

Shaun

shaun.wilkinson@sedo.com
http://www.acorndomains.co.uk/sedo/1...-security.html

Couple of weeks, Almost a year since last time someone mentioned this problem.
aquanuke is offline  
Old 31-08-2007, 02:47:36 AM     #30 (permalink)
Banned
 
Join Date: Apr 2005
Posts: 5,643
retired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond reputeretired_member6 has a reputation beyond repute

Quote:
Originally Posted by sedo View Post
Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

shaun.wilkinson@sedo.com
so sue me, take care of your own security.
retired_member6 is offline  
Closed Thread



Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Domain Name Community Replies Last Post
2/3/4 page site required to be made! lex007 Website Design 1 26-09-2006 03:13:16 PM
Link to a certain section of a page? How to? BFTUK Website Design 2 14-02-2006 12:33:08 PM

Domain Sponsor 2


All times are GMT. The time now is 10:41:00 AM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.6.0 RC 2
All content on Acorn Domains is member generated and is not moderated before posting. All content is viewed and used by you at your own risk and AD does not warrant the accuracy or reliability of any of the information. The views expressed are those of the individual contributors and not necessarily those of AD. Please contact us to report any issues or send a PM to "Admin".