Thread regarding Albertsons layoffs

A VP needs to be fired for this stunt.

The Albertsons website doesn't handle the password sequence correctly. What this means is when I pass a certain sequence of characters, the site will let me access any ones personal information. And since the programming is sloppy, it doesn't trip off the firewire monitoring system.

I just tried it against both my account and my coworkers (with consent). I won't try the entire site because I have better things do than get fired and spent 6 years in jail for getting everyone's social security numbers and checking account info.

And yes, I tried contacting IT. And as usual, no one responds. Maybe I should submit my findings to a security website before someone wakes UP?

by Anonymous
| 2311 views | | 3 replies (last January 17, 2020) | Reply
Post ID: @OP+ZVF5VS3
Comment! It's anonymous!

3 replies (most recent on top)

No one cares about Albertson, people that work for this company are wash up people who can't work anywhere else, it's over for this company !! They deserve everything that happen to them!!!

by Anonymous
| | Reply
Post ID: @38dqd+ZVF5VS3

Too many typos this morning. My excuse for sounding like captain caveman is that I only got 45 minutes of sleep last night

by I_GOT_REJECTED_BY_YALE_UNIVERSITY
| | Reply
Post ID: @2dbk+ZVF5VS3

And if you want to see awesome this gets, then anyone who has some kind and science background should write a script and then in the password field pass something like

"\'\'"

Alternatively, when you load the password file from the ram, append' to the start of substring and ' to the end of the substring.

Then look at the TCP/IP packet exchange along with the number of characters that get actually get stored in the computer memory.

This CAN'T be done at the command line. In some respects that behavior resembles the old DEC Alpha machines in the respect that certain things can only be done via a program. This is one of them -)

by Anonymous
| | Reply
Post ID: @2dzz+ZVF5VS3

Post a reply

: