Offers Received Page

olebean · Aug 29, 2007

PM sent to Sedo!

rjs_essex · Aug 29, 2007

This has always been a serious security flaw with Sedo's login system. It creates session urls that don't expire from one user / machine to another... Hence why you should never put sedo links anywhere on the net that include your session data within the url!

Lee - I have edited your original post for you - I hope anyone reading this thread (even guests) have not done anything untoward - Double check your account settings etc!

Rich

olebean · Aug 29, 2007

rjs_essex said:
This has always been a serious security flaw with Sedo's login system. It creates session urls that don't expire from one user / machine to another... Hence why you should never put sedo links anywhere on the net that include your session data within the url!

Lee - I have edited your original post for you - I hope anyone reading this thread (even guests) have not done anything untoward - Double check your account settings etc!

Rich

And change passwords!!

rjs_essex · Aug 29, 2007

olebean said:
And change passwords!!

Always a good idea but at Sedo you can't see you current password and you have to enter your old password to create a new one so no one could have changed it and even if they did you would be unable to log back in...

sedo · Aug 30, 2007

Hi Everybody,

Thank you all for this, I'll get our tech-people on this straight away.

Shaun

sedo · Aug 30, 2007

Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

[email protected]

rjs_essex · Aug 30, 2007

sedo said:
Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

[email protected]

How long have they been working on this? It's been the same since I can remember... :roll: Sedo is the only major site that I know of that has this problem... its very lax security in my opinion... :roll:

sedo · Aug 30, 2007

My colleague in the tech department that system updates to resolve this problem should be up and running within a couple of weeks.

Regards,

Shaun

[email protected]

aquanuke · Aug 30, 2007

sedo said:
My colleague in the tech department that system updates to resolve this problem should be up and running within a couple of weeks.

Regards,

Shaun

[email protected]

http://www.acorndomains.co.uk/sedo/12619-hows-security.html

Couple of weeks, Almost a year since last time someone mentioned this problem.

retired_member6 · Aug 31, 2007

sedo said:
Hello All,

A message from Sedo's technical department, although one I'm sure most of you are aware of this - never post links containing session ID's!! It is written in our terms and conditions, and also in our FAQ's, that this should never be done. Our techies are currently working on a solution to this, hopefully making it impossible to get into accounts this way even if the links are posted.

However, please take care with this!

Regards,

Shaun

[email protected]

so sue me, take care of your own security.

sedo · Aug 31, 2007

Hi Lee/Everyone,

Don't get me wrong, I wasn't trying to put any blame on to all of you for this. We are working on a solution to what is essentially a problem that starts with us - I just wanted to highlight what can be done to prevent the problem until we have solved it.

Regards,

Shaun

[email protected]

retired_member6 · Aug 31, 2007

Pass my thanks on to the directors of sedo, their useless system lost me another sale, imerch.co.uk, pick up the phone please, talk to the buyer and get the sale back on, for the life of me i cant bleeding see the offer ever existed in my account. angry.

retired_member6 · Sep 3, 2007

re imerch.co.uk could you contact the possible buyer and get this sold please, this still isnt in my account, nor is there any history.

sedo · Sep 3, 2007

Hi Lee,

I think you're right that the reason you can't see your offers history is down to a bug, and I have contacted our tech team to take a look at this for you.

As for calling buyers, I repeat that we cannot offer free domain brokerage.

Regards,

Shaun

[email protected]

retired_member6 · Sep 18, 2007

Another two weeks, I guess I lost the ****** sale then, when its gonna be fixed? You keep showboating with your public auctions, nevermind the small fry and your site not working properly.

zee · Sep 18, 2007

that fault has been there for ages, have had people send me details about domains from turkey and I could go through their sedo details , lost a few frends trying to give advice and assure them I was not hacking into their private details, and that was a year ago...zee

Offers Received Page

olebean

rjs_essex

olebean

rjs_essex

sedo

Sedo Staff

sedo

Sedo Staff

rjs_essex

sedo

Sedo Staff

aquanuke

retired_member6

sedo

Sedo Staff

retired_member6

retired_member6

sedo

Sedo Staff

retired_member6

zee

Similar threads

The Rule #1

Members online

Premium Members

Latest Comments

Upcoming events

New Threads

Other domain forums

Our Mods' Businesses

Settings Notifications

Options

We value your privacy