[OWASP-Bangalore] [BCM] Shaadi.com Hack : What You/Your friends should be doing.

Raxit Sheth raxitsheth2000 at gmail.com
Fri Jan 25 01:17:08 UTC 2013


Akash & other hackers!

Good Morning,

The intention of cross-posting was a bit different, and I am now marking
only owasp-null, because I know here are some of the best guys who can
understand this!

I was just approached by one of the employees of People Group (I think
it is best not to disclose his name!) and he wrote (copy-pasting):

"Hats off to you, Buddy!! I have done a Cyber Security Presentation
and informed about all the open cs threats to our CEO Mr. Anupam Mittal
and all the Business Heads in October 2012, but unfortunately many of
them were ignored by the technical team. But today I really feel proud
after you gave the reality check to them, I am very proud of you. I am
from Navi Mumbai working with Shaadi.com People Group, worked with
<snipped>  earlier..."


Nothing new. Many times big/small companies keep ignoring suggestions
from their internal team. "We will fix only if someone reports it"
(in B2C), "We will fix only if the client asks us multiple times" (in
B2B) kind of stuff!

Any similar experience with anyone?


Raxit


On Thu, Jan 24, 2013 at 5:36 PM, Raxit Sheth <raxitsheth2000 at gmail.com> wrote:
> Akash
>
> Agreed. Noted. Will take care next time.
>
> Raxit
>
> On Thu, Jan 24, 2013 at 5:28 PM, Akash <akashmahajan at gmail.com> wrote:
>> Hi Raxit,
>>
>> I appreciate that you have reported this issue and it has been fixed.
>>
>> But please stop doing a reply all. Ideally you shouldn't be cross posting in
>> the first place.
>>
>> Thank you.
>>
>>
>> On 24 January 2013 17:13, Raxit Sheth <raxitsheth2000 at gmail.com> wrote:
>>>
>>> Ranjeet
>>>
>>> On a separate note, my last public hack was 1.5-2 years back!
>>> No need to prove anything to anyone!
>>>
>>> Raxit
>>>
>>>
>>> On Thu, Jan 24, 2013 at 5:04 PM, Raxit Sheth <raxitsheth2000 at gmail.com>
>>> wrote:
>>> > Ranjeet
>>> >
>>> > Use good words, minors may be on the list :-) [at one time, due to the
>>> > f word, I thought to moderate your msg on the barcamp list]
>>> >
>>> > We are building a larger solution as well; would you love to join @
>>> > http://smartmumbaikar.com ?
>>> > It is in line with your interest in the Sapling project/go green and
>>> > Amchi Mumbai!
>>> >
>>> > Raxit
>>> >
>>> > On Thu, Jan 24, 2013 at 1:08 PM, Ranjeet Walunj <mayavi at gmail.com>
>>> > wrote:
>>> >> Why the fuck are you spending your quality time doing these things?
>>> >>
>>> >> Build large solutions rather than finding these choto chota cracks (in
>>> >> someone else's solution).
>>> >>
>>> >> You do not have to repeatedly mention that you are a hacker with good
>>> >> intention.
>>> >>
>>> >> On Thu, Jan 24, 2013 at 11:35 AM, Raxit Sheth
>>> >> <raxitsheth2000 at gmail.com>
>>> >> wrote:
>>> >>>
>>> >>> Hey
>>> >>>
>>> >>>
>>> >>> Recently I was able to get access to many profiles on Shaadi; more
>>> >>> details are here.
>>> >>>
>>> >>> https://twitter.com/raxit/status/294315616297435136
>>> >>> https://www.facebook.com/raxitsheth2000/posts/261609590635647
>>> >>>
>>> >>>
>>> >>> Shaadi.com has already fixed this (only after that am I disclosing!).
>>> >>> As this clearly indicates, it is very easy to get other people's
>>> >>> profiles, modify, send interest to other profiles, accept/reject
>>> >>> interest, modify profile, see contact number etc. If you/your friends
>>> >>> are on shaadi.com, you/they want to cross-verify each detail once again.
>>> >>>
>>> >>> You may want to share with your friends with good intention and ask
>>> >>> them to double-check their profile/interest and other things
>>> >>> (more detail is in the links above).
>>> >>>
>>> >>>
>>> >>> Raxit Sheth
>>> >>>
>>> >>> --
>>> >>> --
>>> >>> www.barcampmumbai.org
>>> >>> http://groups.google.com/group/barcampmumbai2?hl=en
>>> >>>
>>> >>>
>>> >>
>>> _______________________________________________
>>> OWASP-Bangalore mailing list
>>> OWASP-Bangalore at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>
>>
>>
>>
>> --
>> Warm regards,
>> Akash Mahajan
>>
>> That Web Application Security Guy | +91 99 805 271 82
>> akashm.com | @makash on twitter | linkd.in/webappsecguy
>> OWASP Bangalore Chapter Lead | null Community Manager
>>
>>

