‘First time we have detected a crime using this method,’ cops say

Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn’t settle some of those tabs, police say.…

  • Riskable@programming.dev
    1 day ago

    Define “hacked.” I ask because there are degrees to this sort of thing.

    Example 1: Hacker finds SQL injection vulnerability and uses it to change his bill after booking.

    Example 2: “Hacker” changes the HTML form that submits his booking by changing a read-only value to read-write and adjusts the price to $1.

    The first one is actual hacking. The second? Come on! In that case the hotel accepted the booking with the reduced price. That’s not really hacking, that’s just a comedy of errors in judgement on behalf of the hotel.

    The second example is like changing the price tag on something in a store to $0.01 and then having the clerk look at it and say, “well, that seems low but the price that says one cent, so…” 🤷

    • Fiery@lemmy.dbzer0.com
      1 day ago

      Your example 2 is just describing improper input validation/bad logic. Which… Is still hacking. It’s just a different category of vulnerability and difficulty (though slamming a SQL inject in every input field you can’t find isn’t the most complex either).

      Example 3: guy finds admin panel with default password - still hacking

      Example 4: guy finds improperly secured admin endpoints in booking software - also hacking

      Example 5: booking server wasn’t updated in 2 years and hacker uses a PoC exploit he pulled from somewhere to hack it - yup also hacking

      Etc

      All those are wildly different ways of achieving the end result but they all share two things: 1. They’re hacking 2. They’re illegal to use for anything other than responsible disclosure
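The flaw described in Example 2 above, shown as an added example that is not part of the thread and not the code of the site in the article: a booking handler that charges the form's `price` field, beside one that derives the total from server-side data and keeps the client value only as a tamper signal. The rate table, field names and functions are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed server-side rate table (hypothetical room codes and prices).
RATES = {"DELUXE": Decimal("420.00"), "STANDARD": Decimal("95.00")}

# Constructed form submission: the read-only price field was edited client-side.
TAMPERED_FORM = {"room": "DELUXE", "check_in": "2025-03-01",
                 "check_out": "2025-03-03", "price": "0.01"}

class BookingRejected(Exception):
    pass

@dataclass
class Booking:
    room: str
    nights: int
    total: Decimal
    tamper_suspected: bool = False

def stay_length(form: dict) -> int:
    return (date.fromisoformat(form["check_out"])
            - date.fromisoformat(form["check_in"])).days

def book_trusting_client(form: dict) -> Booking:
    """Weak: a read-only HTML field is still attacker-controlled input."""
    return Booking(form["room"], stay_length(form), Decimal(form["price"]))

def book_server_priced(form: dict) -> Booking:
    """Hardened: the total never depends on anything the client sent as a price."""
    room = form.get("room")
    if room not in RATES:
        raise BookingRejected("unknown room type")
    try:
        nights = stay_length(form)
    except (KeyError, ValueError, TypeError):
        raise BookingRejected("invalid dates")
    if not 1 <= nights <= 30:
        raise BookingRejected("invalid stay length")
    total = RATES[room] * nights
    # The submitted price is only compared, to flag the booking for review.
    try:
        mismatch = "price" in form and Decimal(form["price"]) != total
    except (InvalidOperation, TypeError):
        mismatch = True
    return Booking(room, nights, total, tamper_suspected=mismatch)
```
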

  • pinball_wizard@lemmy.zip
    1 day ago

    Keep vibe coding, kids.

    And if I’m ever on this guy’s jury, the evidence doesn’t sound compelling, to me. Sounds like a misunderstanding.