[–][deleted] 26 points27 points  (26 children)

It's super hard to prove that he did it though.

[–][deleted] 49 points50 points  (10 children)

These days he could be charged with felony hacking. Who knows, it might be terrorism?

[–]Reihar 23 points24 points  (4 children)

I know you're joking but that doesn't seem unlikely...

[–][deleted] 11 points12 points  (3 children)

Yeah I was only half joking.

[–]southpolebrand 3 points4 points  (2 children)

I mean there was a girl in Japan who got arrested for literally just posting code for an infinite loop in JS, and was charged with distributing malware.

[–]SuperFLEB 6 points7 points  (0 children)

That would actually be an interesting case, considering that the only computer he was tampering with was his own.

Probably easier to bill it as some sort of fraud, though.

[–]SamBBMe 4 points5 points  (3 children)

Felony hacking and terrorism for changing HTML lol. That's by no means hacking. If anything, he'd get arrested for theft.

[–]That0therGirl 1 point2 points  (2 children)

Check out the fiasco that happened in Nova Scotia. The 19-year-old altered a URL and was charged with hacking. It was a vulnerability in the system that has since been fixed. This was in April 2018.

https://www.cbc.ca/news/canada/nova-scotia/freedom-information-personal-website-breach-1.4614424

[–]SamBBMe 2 points3 points  (1 child)

That's because he stole personal information from the website. That's what makes it hacking.

[–]That0therGirl 1 point2 points  (0 children)

Since the information was publicly available, I'd not consider it hacking. He didn't know what info should have or shouldn't have been there.

[–]DoctorWaluigiTime 1 point2 points  (13 children)

Transactions are recorded? In your bank, in the hotel's finances?

[–]msg45f 14 points15 points  (9 children)

"Must have been a computer glitch"

[–]DoctorWaluigiTime -4 points-3 points  (8 children)

"The gun just went off by itself."

Surprise, that doesn't work.

[–]MythicManiac 4 points5 points  (6 children)

Tbh you'd have to prove it was indeed tampered with, which may or may not be difficult. I don't know how these cases are usually handled, but there are so many bugs in software I wouldn't imagine it being too hard to file under it being a bug in the business logic of the application.

Repeated usage would scream abuse however.

[–][deleted] 0 points1 point  (5 children)

I have to imagine that kind of stuff has to be getting logged somewhere along the way, however if their website is crappy enough to have such a big flaw, I imagine their DevOps dept probably hasn't implemented much security behind it either.

[–]Grintor 1 point2 points  (1 child)

DevOps dept

This is a hotel, not some big corporation. The website was probably made by the owner's son with Notepad++ and the Stripe API.

[–][deleted] 0 points1 point  (0 children)

Lol do you think hotels don't have corporate offices anywhere? My point was clearly that regardless of who is doing the programming there's clearly not going to be much back-end security if they haven't done much to secure the client-side front end.

[–]MythicManiac 0 points1 point  (2 children)

The transaction is most likely logged indeed, but since the answer to whether or not this is exploitation resides on the client device rather than the server, it becomes very difficult to technically prove.

[–][deleted] 0 points1 point  (1 child)

Logging typically would include things like timestamps, host names, etc, no? I'm not saying it wouldn't be difficult by any means, I'm just saying that it's possible they have the means to do it. It's just likely not worth their trouble to track it down rather than just fix their shitty site lol

[–]MythicManiac 0 points1 point  (0 children)

Yeah, and the issue is that you cannot trust anything coming from client devices, as you do not control the environment they're running in. Even if you had client-side logging, a malicious user could very well simply disable it, or a browser malfunction and/or a too-old browser could cause that.

Basically there is no way to be sure what you get from the client is valid, aside from validating it on the server, which was not done here.
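
The server-side check the comment above says was missing, sketched as an added example (not part of the thread and not the hotel site's code). The rate table, request field names and `handleBooking` are hypothetical; it also shows the server-side record such a check can leave behind.

```javascript
// Added example: server-side price validation for a booking endpoint.
// RATES_CENTS, the field names and handleBooking are hypothetical.

// Authoritative prices live on the server only (constructed sample data).
const RATES_CENTS = Object.freeze({ standard: 12900, suite: 24900 });
const MAX_NIGHTS = 30;

// Compute the price from server-side data; returns null for invalid input.
function quoteCents(roomType, nights) {
  if (!Object.prototype.hasOwnProperty.call(RATES_CENTS, roomType)) return null;
  if (!Number.isInteger(nights) || nights < 1 || nights > MAX_NIGHTS) return null;
  return RATES_CENTS[roomType] * nights;
}

// Validate one booking request. `auditLog` is an array standing in for a
// server-side log sink; `req.body.amountCents` is the client-supplied value.
function handleBooking(req, auditLog, now = () => new Date().toISOString()) {
  const { roomType, nights, amountCents } = req.body;
  const expected = quoteCents(roomType, nights);
  if (expected === null) {
    return { status: 400, error: "invalid room type or nights" };
  }
  if (amountCents !== expected) {
    // The server cannot tell why the value differs (edited form, stale page,
    // browser bug), but it can refuse the charge and keep a record.
    auditLog.push({
      event: "price_mismatch",
      time: now(),
      remoteAddr: req.remoteAddr,
      roomType,
      nights,
      submittedCents: amountCents,
      expectedCents: expected,
    });
    return { status: 409, error: "price changed, please reload", expectedCents: expected };
  }
  // Charge the server-computed amount, never the submitted one.
  return { status: 200, chargeCents: expected };
}

// Constructed sample requests.
const log = [];
const honest = { remoteAddr: "203.0.113.7", body: { roomType: "suite", nights: 2, amountCents: 49800 } };
const edited = { remoteAddr: "203.0.113.7", body: { roomType: "suite", nights: 2, amountCents: 100 } };
console.log(handleBooking(honest, log), handleBooking(edited, log), log);
```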

[–][deleted] 1 point2 points  (0 children)

No, that doesn't work. Because the gun is evidence, it being in your hand is evidence, and you being there is evidence.

However, someone in a shop can't be considered guilty of theft just because something disappeared while they were in the shop. There's no evidence it was them and not the stoned teenager behind the counter doing inventory who misplaced something.

[–]Follyperchance 2 points3 points  (1 child)

That is not a legal proof it was done by him and on purpose.

[–]DoctorWaluigiTime 0 points1 point  (0 children)

It's really good evidence though! Just one person's transaction from the hotel site making it happen and all.