Want a free travel bug?

For all your general chit chat, caching or not.
Biggles Bear
2200 or more geocaches found
2200 or more geocaches found
Posts: 660
Joined: 04 April 03 4:13 pm

Post by Biggles Bear » 08 December 06 5:31 pm

Aushiker wrote:
Lt. Sniper wrote:The exact same thing stopped me from signing up. That and the lack of a privacy policy.
Do you sign in to geocaching.com?

Andrew
<P>
Sure most of us log into geocaching.com, but what is the connection between unite.geocaching.com and geocaching.com? Why does unite.geocaching.com require our geocaching.com user name and password? There is no valid reason to make the password a mandatory field.

User avatar
Aushiker
350 ? I am the lizard queen
350 ? I am the lizard queen
Posts: 1397
Joined: 30 July 04 2:35 pm
Twitter: Aushiker
Location: Fremantle, WA
Contact:

Post by Aushiker » 08 December 06 5:38 pm

Biggles Bear wrote:<P>
Sure most of us log into geocaching.com, but what is the connection between unite.geocaching.com and geocaching.com? Why does unite.geocaching.com require our geocaching.com user name and password? There is no valid reason to make the password a mandatory field.
My comment was in respect to the privacy etc comments as far this was some attempt to steal one's password etc. Unite.geocaching.com and geocaching.com are effectively the same websites, i.e., Geocaching.com. So getting one's knickers in a note about logging into unite.geocaching.com is pretty pointless. You are still accessing geocaching.com, just a sub-domain of same.

The most logical reason for the login requirement as already explained on the geocaching.com forums is that unite.geocaching.com cannot see the cookie that is deposited when you log into geocaching.com and hence the second login is required to validate that you are a legitimate geocaching member. That is unite.geocaching.com cannot tell you are logged in to geocaching.com. Maybe someone with more technical knowledge can explain that.

I know at work we have this all the time ... no big deal.

Regards
Andrew

Biggles Bear
2200 or more geocaches found
2200 or more geocaches found
Posts: 660
Joined: 04 April 03 4:13 pm

Post by Biggles Bear » 08 December 06 5:45 pm

I have no doubt that it is legitimate, however I still consider it very bad practice, and will not not be signing up.

User avatar
Aushiker
350 ? I am the lizard queen
350 ? I am the lizard queen
Posts: 1397
Joined: 30 July 04 2:35 pm
Twitter: Aushiker
Location: Fremantle, WA
Contact:

Post by Aushiker » 08 December 06 5:57 pm

Biggles Bear wrote:I have no doubt that it is legitimate, however I still consider it very bad practice, and will not not be signing up.
That is your choice. I am sure more than enough people will see how important the cause is and get on with supporting it anyway.

Regards
Andrew

User avatar
RedPaw64
450 or more roots tripped over
450 or more roots tripped over
Posts: 69
Joined: 05 November 06 10:41 am
Location: Geelong
Contact:

Post by RedPaw64 » 08 December 06 9:47 pm

:) Well I supported it.. its a good cause and would be even better if i was to get a bug to place out somewhere. Shall wait and see if it comes..

happy caching everyone

User avatar
Aushiker
350 ? I am the lizard queen
350 ? I am the lizard queen
Posts: 1397
Joined: 30 July 04 2:35 pm
Twitter: Aushiker
Location: Fremantle, WA
Contact:

Post by Aushiker » 08 December 06 10:44 pm

RedPaw64 wrote::) Well I supported it.. its a good cause and would be even better if i was to get a bug to place out somewhere. Shall wait and see if it comes..
Same here. I think I moved pretty quickly on this one, but you never know.

Andrew

User avatar
roundcircle
1100 or more caches found
1100 or more caches found
Posts: 396
Joined: 27 May 06 10:10 pm
Location: Ballarat

Post by roundcircle » 08 December 06 11:44 pm

The application form has this clause: "Any personal information you submit using this form will be used solely for the purpose of mailing you a Unite for Diabetes Travel Bug."

What more do you want from a privacy policy? :?:

What's the worst they can do with free access to my caching account? Find a few new caches? Delete a few finds? Rabbit on in a forum perhaps. :shock:

On the other hand, I think you should all be very worried about the password and privacy issue. Makes it easier for me to get a free bug.

:D

Biggles Bear
2200 or more geocaches found
2200 or more geocaches found
Posts: 660
Joined: 04 April 03 4:13 pm

Post by Biggles Bear » 09 December 06 8:56 am

roundcircle wrote:.................
What's the worst they can do with free access to my caching account? ....................

:D
<p> How about a bit of cache piracy? That would do your reputation no end of harm.

<P>It's your account so take whatever risk you like. A good cause does not forgive poor internet security procedures.
<P>Oh and by the way; I do however have this friend who's family has had no end of hardships, and needs to move a (Very) large amount of money out of Nigeria, if you could only see your way clear to helping them out by provide me with your your bank account details, I sure we can see a happy ending to their sad plight. It's all in the name of a good cause, so you shouldn't have too much of a problem with that.

Team Seedsman
1000 or more caches found
1000 or more caches found
Posts: 66
Joined: 10 December 04 11:56 pm
Location: GREENWITH

Post by Team Seedsman » 09 December 06 10:17 am

Yes I see it now...My Bank Account details are the same as my Geocaching details...It's been a government conspiracy all this time...Where are Mulder & Scully when you need them...

User avatar
Aushiker
350 ? I am the lizard queen
350 ? I am the lizard queen
Posts: 1397
Joined: 30 July 04 2:35 pm
Twitter: Aushiker
Location: Fremantle, WA
Contact:

Post by Aushiker » 09 December 06 10:18 am

Biggles Bear wrote: <P>It's your account so take whatever risk you like. A good cause does not forgive poor internet security procedures.
Please explain how logging into a sub-domain at geocaching.com is poor Internet security? How is any different to logging into Geocaching.com?

Both are using the same authentication method it would seem. That is your logging into united.geocaching.com is confirming your veracity as a geocaching.com member! I don't understand how that would be poor internet security.

It would be far more more stupid IMO to let just anyone come along and ask for the bugs. That would rather defeat the purpose of providing them in the first place I would have thought.

It would seem the point of the travel bugs is support the promotion of diabetics awareness within the caching community worldwide. Having been at an event this past weekend and seeing the health of the majority of people at that event, including me, it was very very obvious that this is very important disease to draw attention to.

My suggestion is, before bagging Geocaching.com for their efforts in bringing to the community's attention such an important health issue that you get a bit more informed both about the diabetics and Internet security procedures.

It is most disappointing to see such a major area of concern in our community being devalued in this manner.

Cheers
Andrew

User avatar
Wingaap
1000 or more caches found
1000 or more caches found
Posts: 855
Joined: 19 August 05 11:47 am
Location: Ashgrove

Post by Wingaap » 09 December 06 10:46 am

Got my support.

User avatar
riblit
It's the journey.
It's the journey.
Posts: 3444
Joined: 04 April 03 6:30 pm
Location: Land Grant of John Campbell

Post by riblit » 09 December 06 11:09 am

My comment was in respect to the privacy etc comments as far this was some attempt to steal one's password etc. Unite.geocaching.com and geocaching.com are effectively the same websites, i.e., Geocaching.com
Thats not altogether true.
geocaching.com uses two servers. 66.150.167.149 and 66.150.167.148
unite.geocaching.com is hosted on 66.150.167.136. They are both in the same /24 block, however that is no guarantee that they are on the same host or even in the same city.

As Biggles Bear said, asking for the users password on a form such as that one bad practice. It goes against all that we are trying to to to educate internet users about security and is unnecessary.

It is possible to pass a cookie between a domain and a subdomain. We do it here. That's why your single login works for both geocaching.com.au and the subdomain forum.geocaching.com.au.

If the servers are located in the same building the form could have been designed to authenticate a user in real time against the existing database.

There is nothing to say how the information is being stored. All we know is that there is an insecure web site collecting user names and associated passwords in clear text. The form passes all data to another page called Default.aspx. One could assume that form simply stores the data in a database. Not as attractive as a list of credit card numbers but it could be attractive to some, given that a lot of people use a limited number of passwords over websites.

Biggles Bear
2200 or more geocaches found
2200 or more geocaches found
Posts: 660
Joined: 04 April 03 4:13 pm

Post by Biggles Bear » 09 December 06 1:01 pm

Team BaggyGreens wrote:Yes I see it now...My Bank Account details are the same as my Geocaching details...It's been a government conspiracy all this time...Where are Mulder & Scully when you need them...
<P>Before you go putting words in my mouth perhaps you should learn about the concept of a Paragraph
Wikipedia wrote:A paragraph is a self-contained unit of a discourse in a written text dealing with a particular point or idea,..............

Biggles Bear
2200 or more geocaches found
2200 or more geocaches found
Posts: 660
Joined: 04 April 03 4:13 pm

Post by Biggles Bear » 09 December 06 1:05 pm

To Riblit<P>
Image

User avatar
Geodes
Posts: 345
Joined: 22 April 05 5:52 pm
Location: Mitcham, Vic

Post by Geodes » 09 December 06 1:25 pm

I'm tempted to post a Commonwealth Bank URL qnd request that you all go there and login to confirm your account details, but I'm afraid some of you would actually do it :lol:
<P>I don't want to offend anyone, but my spam mail (and I get literally 1000's a day as the postmaster at a Vic Uni) is full of offers that sound a little like the one described above.
<P>Err on the side of caution in these matters :!:

Post Reply