Simon Willison’s Weblog

Blogmarks tagged security, amazon

Filters: Type: blogmark × security × amazon ×


Amazon Says Listing Problem Was an Error, Not a Hack (via) “A friend within the company told him that someone working on Amazon’s French site mistagged a number of keyword categories, including the ’Gay and Lesbian’ category, as pornographic, using what’s known internally as the Browse Nodes tool. Soon the mistake affected Amazon sites worldwide.” # 14th April 2009, 8:32 am

How to cause moral outrage from the entire Internet in ten lines of code. Looks legit—the author claims to have sparked this weekend’s #amazonfail moral outrage (where Amazon where accused of removing Gay and Lesbian books from their best seller rankings) by exploiting a CSRF hole in Amazon’s “report as inappropriate” feature to trigger automatic takedowns. EDIT: His claim is disputed elsewhere (see comments) # 13th April 2009, 7:48 pm

Amazon makes you lie to log off (via) Amazingly, the only way to sign out of Amazon these days is to use the “If you’re not XXX, click here” link—the traditional “sign out” link has quietly vanished. # 2nd October 2007, 1:19 pm

Chris Shiflett: My Amazon Anniversary. Chris Shiflett discloses an unfixed CSRF vulnerability in Amazon’s 1-Click feature that lets an attacker add items to your shopping basket—after reporting the vulnerability to Amazon a year ago! # 16th March 2007, 10:16 am