Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
coolq48207y@potluck
Luckily for me, I could see how many people had actually voted(had a results page) and I ran the program right near the deadline for the poll. -
coolq48207y@potluck
1). There are 150 students, as I said above I made sure it was less than the maximum. Plus who cares if it's suspicious. I'm fact I how he's suspicious, so he uses a different poll system next time.
2). We are not voting for the subject, we are voting for the day that the lecture is held. You can always watch the recordings since not a whole lot of interaction goes on anyway. -
coolq48207y@potluck
It's all good man, and yes, I admit it wasn't ethical, it was just an amazing opportunity, I almost never see such a big mistake in a University. -
coolq48207y@potluck
I get the thumbs up, yay!
But I am likely to do this kind of thing once, I wanted to see if it would actually work. Thought it would be fun to post my findings here 😉 -
kunashe19687yIt's one thing being unethical - it's another thing justifying abuse because you can.
Imagine if someone hacked your national elections - who would you be punishing? The programmers or people in general?
If we abuse knowledge, society may just say you lot need a license to program because you can't behave ethically when left to your own devices. -
xorith26767y@kunashe Eeeehhhhh...
I see the point you're trying to make.
At the same time there's no better way to teach someone about their woeful ignorance than through practical examples. -
xorith26767y@JoshBent "Seems like my class voted to expel me. I've never seen votes so slanted before!"
-
pain04861717yThat is pretty cool. Have to ask though... Would it not have been simpler to just copy/capture the request and repeat the request 50 times via code? This circumvents the browser entirely and (should) run much faster.
-
coolq48207y@Nitroretro
Actually, I think I remember that! Inspiration?
@kunashe
Look, as I've said to others, I know this isn't ethical. At all. But this is a rare opportunity. And not just that, but I was also curious to know if it would work.
Also how on earth is this abuse? It is an exploit, but I fail to see how it is abuse.
What are your hoping to gain from this comment since I already know it isn't ethical?
@jeeper
I did 😛
@disolved
Well, there wasn't a lot of choice, all of them were at 7:30pm.
@xorith
Agreed.
@YourNemesis
I do realise that, but that's the risk I'm taking, so I can share it here on DevRant. I guess I'm trusting everyone here not to go around showing the news...
@gitpull
Nah, it's PM, so that's nighttime.
@xorith
What's going to happen? I must prepare...
@JoshBent
*sigh* probably. Hope not!
@xorith
Haha, that's pretty good joke, ironic too.
@JoshBent
Come on, at least I made sure it was possible.
@pain0486
Probably, but I didn't need it to go fast. -
coolq48207yFor some weird reason, DevRant thought my comment was blank, so I deleted one space and it worked...
-
Huuugo25057ySo you exploited an unsecured but working application that was meant for Democratic decision making and instead of reporting it or offering help, you brag about it here with a half-assed excuse. If you know this is unethical, don't do it, and do not brag about it. You neither put much effort into this hack, nor is your solution elegant. - - from me
-
coolq48207y@Huuugo
Wow, gee. What are you intending to gain here?
Look, this is a programming IT course, they should know better than this. Lets just say I was trying out their own teachings.
I find it hard to reply to this kind of comment. What do you want me to say?
Look, this wasn't a very important poll, there's a reason all the votes are usually close together.
I know voting is intended to be equal, I get that. And that is precisely why this is the only time I will ever do this again. Well, I can't guarantee (might become an ethical hacker, who knows).
I have also done a lot of good in the world. In fact, this kind of act is very unusual for me.
I admit this wasn't the right thing to do, and I am sorry if it negatively affected anyone.
I wouldn't call it bragging, lets call it sharing a story.
I know there are better things I could have done, but this poll didn't really do much anyway.
I don't want to have a comment war, so let's put the fire out now, okay? -
ldwall10987yNext time try using the network tab in devtools. It'll show you what http request is being made when you submit your vote. After that you can easily make a script that just replicates that request 😄
-
coolq48207y@ldwall
Hmm, I could have, but I didn't particularly need it to go fast. Good suggestion though 😉 -
coolq48207y@gofrendi
Alright, I'll take your advice, I've been thinking about it for a while now. He's a pretty easy going guy, so I doubt he'll be too angry, how should I go about not revealing my identity? -
coolq48207y@gofrendi (or anyone else)
Ok, I took your advice, now that the results are officially out, I sent him an email. I'll see what happens! -
That's a fundamental problem, even if it asked student ID people could enter other people's IDs. If there was some password or email linked to IDs then authentication was possible. Given only student IDs they didn't have any option and should have preferred manual voting.
Related Rants
-
error50312This happened few hours ago. Client: I received an email which says that I won 1 million dollars. They gave m...
-
BlueWilson12Phoney call from MS: - We at Microsoft have detected an issue with your PC. - Oh, I only have a Mac. - But tha...
-
liammartens34So are scammers using GitHub now? Like wtf is this 😂
I know it wasn't ethical, but I had to do it.
Semester 4 started this week, we all got to vote which day we wanted the lecture to be held on. There were quite a few options. My preference was Monday at 7:30pm.
So I entered the poll, as I have every other semester. But I noticed something, this particular poll didn't require any form of identification. Not even a Student ID.
I dug deeper, found that it used local cookies to store weather you'd voted or not, this is obviously a security problem, so I opened up Python and wrote a simple Selenium program to automate this process.
I called it the "Vote Smasher". First it would open the webpage, then it would choose Monday 7:30pm and vote. Then it would clear it's cookies, refresh and do it over again.
I ran it fifty times.
Can you guess what the revealed vote was for UCD SP4 IT was?
I heard my lecturer mutter:
"The votes aren't usually this slanted..."
I could hardly contain my giggles.
My vote won by about fifty over the others 😂
Let me just say, it was his fault for choosing such a naive poll system in the first place 😉
rant
poll
scam
ethics