
Hehe. I've seen this before. When a News.YC user dataset was released I downloaded it and noticed that this user's file was the largest, so I checked it out.

Now out of curiosity, how did you find this user? He hasn't been very active it seems since he signed up over a year ago. (I see only one comment for this user).




This is something you probably should have reported to pg (unless it was already fixed, of course. It seems to be now.)

This kind of vulnerability makes it trivial to hijack someone's session. Of course you probably don't have any sensitive data on news.yc, but still...


I did the same thing... I just downloaded the user dataset and noticed that he/she had just a tad bit of javascript.

http://news.ycombinator.com/item?id=213891


"... how did you find this user? He hasn't been very active it seems since he signed up over a year ago ..."

The term 'arglebargle' is used by a current HN member. So don't make this assumption.


I apologize. I didn't mean to assume anything. I used the fact that this user has made 1 comment over a year ago and had only 2 karma from that one comment to base my statement. It's also why I said it "seemed" that he hasn't been active. That's why I was wondering how this user was found.


"... I apologize. I didn't mean to assume anything. I used the fact that this user has made 1 comment over a year ago and had only 2 karma from that one ..."

Don't apologise - there is nothing wrong with your comment. I was just pointing out there is an existing user that made it. I didn't want to name them w/o being sure.



