
Net54baseball.com
Welcome to Net54baseball.com. These forums are devoted to both Pre- and Post- war baseball cards and vintage memorabilia, as well as other sports. There is a separate section for Buying, Selling and Trading - the B/S/T area!! If you write anything concerning a person or company your full name needs to be in your post or obtainable from it. . Contact the moderator at leon@net54baseball.com should you have any questions or concerns. When you click on links to eBay on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network. Enjoy!
#1
10-19-2013, 08:30 AM
thehoodedcoder
Kevin Qui.nn
Join Date: Oct 2012
Posts: 780
Auction Software Security Evaluation For Exploits

I got into a very particular conversation about max bids with SimpleAuctionSite and how they protect the auction houses from seeing or obtaining the max bids. The answers I got back didn't leave me warm and fuzzy. They were standoffish even as I repeatedly said I would be interested in helping ensure that no one could exploit their software, should something come up.

I can understand the hesitation but I was not asking for much, only a high level explanation of how they do it and I could not even get that.

I liken the request to that of online poker sites publishing their shuffling algorithm. If you are proud of it, and it's better than anyone else's, show it off and explain why it's better, more safe and give some confidence behind it.

As a security analyst if someone uses their software I would be interested in evaluating that to determine if someone could unethically circumvent the system and obtain max bid information and then publishing the results of that and then HELP them get the problem fixed.

It would be helpful if I could simply see what is provided to the auction house for administration of their auction (what code might have exploits in it) and how the software is implemented into the company's website, so I can see what database exposure there is to data tables they might not be allowed to see.

Additionally, something that no one else seems to mention (NOW KEEP IN MIND I AM NOT SAYING THAT THIS IS HAPPENING IN ANY CAPACITY), is that since companies such as this take a percentage of auctions, there is motive there to shill up their auction houses' bids. Theoretically it is possible that this can occur so it cannot be excluded from the thought process.

I am not limiting myself to SimpleAuctionSite and I'm not singling them out although they do appear to be the biggest? Or am I wrong about that?

I would be interested in evaluating any software an auction house uses. If you run auction software and would let me take a peek that would be appreciated. Contact me via email please.

Kevin

Last edited by thehoodedcoder; 10-19-2013 at 08:33 AM.
#2
10-19-2013, 08:35 AM
ullmandds
pete ullman
Member
Join Date: Apr 2009
Location: saint paul, mn
Posts: 11,237

Go Kevin!!!!!
#3
10-19-2013, 10:23 AM
atx840
Chris Browne
Administrator
Join Date: Jul 2009
Location: Calgary
Posts: 3,735

Kevin, I didn't get a chance to ask this during the National dinner when they were presenting but I'm wondering if the database(s) for the auction listings, client information and most importantly the bidding activity is stored on Simple's servers or can the software be hosted privately? Who owns the DBs & data?

Are AHs provided with the option to export data or take a backup and save it locally? Having admin access to these DBs wouldn't take long to see our max bids.
#4
10-19-2013, 11:57 AM
thehoodedcoder
Kevin Qui.nn
Join Date: Oct 2012
Posts: 780

That was the exact question I asked and was most curious of.

At first he said "you own the database and we own the code". That is a direct verbatim quote from a phone conversation.

He later changed that and said he didn't say that so it's open for debate or not. Knowing how the software is architected will answer that.

I firmly believe he does not remember saying that as he was a little huffed about the fact I thought the price was high and did not think how much or frequent or how much money I make from the software should dictate my pricing model.

We later debated that via email.

How it's designed makes all of the difference. Any takers?

Kevin
#5
10-19-2013, 11:58 AM
ullmandds
pete ullman
Member
Join Date: Apr 2009
Location: saint paul, mn
Posts: 11,237

I'm a computer retard!
#6
10-19-2013, 12:08 PM
brob28
Bi11..R0berts
Member
Join Date: Feb 2010
Location: Michigan
Posts: 1,134

Quote:
Originally Posted by ullmandds
I'm a computer retard!

I'm in the boat right next to Peter so if this next question is ignorant please help me understand why.
Could they be reluctant to give this type of information out for fear that it could then be used to hack or somehow exploit the software by bidders or others?
#7
10-19-2013, 02:55 PM
steve B
Steve Birmingham
Member
Join Date: Sep 2009
Location: eastern Mass.
Posts: 8,087

Quote:
Originally Posted by brob28
I'm in the boat right next to Peter so if this next question is ignorant please help me understand why.
Could they be reluctant to give this type of information out for fear that it could then be used to hack or somehow exploit the software by bidders or others?

Possibly.

The cost of writing it might have been fairly high, and/or they may consider their software to be a trade secret of sorts.

Hardly anyone will easily give up the source code. To the point that most license agreements (that long thing you check off as agreeing to when installing software) expressly forbid accessing it in any way.
And I think many of the larger companies consider removing source code from the company system or premises to be a firing offense.

It's compiled, which means put in a form the computer can use that wouldn't make any sense to nearly anyone. It can be decompiled to get back to the original program, which is what they forbid. I've been told it's not necessarily easy, but possible.

I could be wrong about any of that, but I think I've got it right in a general sense.

Steve B