guest2013-1
guest
- Joined
- Aug 22, 2003
- Messages
- 19,800
Someone fancy a story? Here's a fun one, happened to me yesterday, here's the run-up to the event:
So in May (I think) I get a call from someone who'd like me to analyze a website/service for them as they'd like to invest in the idea and get some big players (like Sasol) involved.
Now the basic idea was/is, to sell vouchers for you to be able to play the lotto on your phone (via WAP) at petrol stations by loading the voucher onto your account (the web one, not the phone) and playing your favorite numbers like that.
At first glance you guys probably agree with me... but wait... there's more...
So I went and registered with my phone, not much hassle but the registration process could be streamlined a bit. I immediately started getting SMS notification on upcoming lotto draws (usually for that day, and an extra SMS if it was a big guaranteed one, sometimes even if the rugby was on and we won etc). And also the results of the draw. This wasn't even that I played the lotto through their system, but I got the SMS'es
So a few weeks pass and I get the chance to fully evaluate the system as a 3rd person. They briefed me more or less what they wanted me to do and report on and how they were briefed by this company so I went ahead and did what I do best...
I got quotes for the proposed scratch cards for voucher numbers
I checked out on average how many SMS's they send out each week to 1 person
And all I did was run the numbers. The business would lose approx. R55000 per month if they had 10000 users spending R100 each on the lotto. The lotto kickback is only something like 3 or 4%. So you can imagine they had the odds stacked against them with distribution of the vouchers, paying dedicated staff to handle the lotto machine feeding it tickets until the (proposed) 8pm cut off time (something I know competitors have made till 4pm due to volume) so yea.
I also checked the (ASP) site for minor SQL injection attacks. none existed (to my knowledge) and I logged in. I was able to buy R1000 worth of lotto tickets that went into play almost immediately and stayed that way for about 3 weeks with bogus credit card details I gave the site. So...
I highlighted the negative points AND positive points of the system and proposed some of my own ideas. I felt the report was kind of cool seeing as though I'm objective, gave constructive criticism and that they can make a call from there ...
Then for some reason my contact details were either given to this guy, or the report was shown to the guy (guy in question is the owner) and he phoned me up and flipped his lid. Went ballistic that I didn't even bother phoning him to hear his side of the story so I apologized and told him that I did highlight some of those points in my report, how to fix them and how to go forward and that it wasn't all negative.
So he "explained" to me how it would work. That this is just a test run, that what I did was a fluke and shouldn't have happened and that SMS's would be charged for etc. (Because that was the bulk of the money they're losing out on)
My SMS's then stopped for a couple of weeks, and ... .boom... started again.
I tried logging into their website to see if there's an unsubscribe feature for it, but my password didn't work anymore (gee I wonder why). Then I e-mailed them to get my password (nobody received my email it appears) and I even tried keywords on the SMS like "stop" etc which didn't work (there was no unsubscribe message on the SMS)
So I complained to WASPA. At first the network denied ever sending my cellphone any sort of SMS, I then gave them evidence, specific time and dates and yesterday, boom. My number got unsubscribed by WinSMS and I got one saying I was unsubscribed and if I still had problems to please contact xyz.
A few hours later I get a call from JHB. Now some of my clients are there, the number looked familiar so I answered.
Same guy, started screaming at me and how I was going to be fired and that I'm a **** and won't get work in this country ever again. (This amused me because I don't work for anyone, I work for myself, and besides 90% of my work comes from overseas atm)
He claimed I hacked his website and he's going to phone my boss and tell him to fire me blablablablabla. So I calmly explained to him I couldn't log into their website to turn anything off and that my emails for support went unheard. He said (no suprise) they didn't get any email so I said "ah, well, that explains why I had no joy,it was probably spam filters"
He then has the nerve to go, "Yes but what RIGHT have YOU to complain. You hacked my site". So I told him I do have the right to complain as a human being and a consumer. He then threw the hacking into my face again and I told him, as a cellphone consumer from MTN, MTN are bound by law to adhere to WASPA and I do have the right to complain if I can't get removed from someone's SMS list.
He calmed down a little and then started yelling again about me hacking their site and that my password is blank anyway, so I told him, "First off, I registered legitimately via my cellphone, this explains why my current password didn't work" (I felt I had to leave out the part that their website obviously doesn't work as intended then to not piss the guy off more). "... and the 'hack' was simply entering fake credit card details in your system which you accepted, and explained to me at a later date how it worked and that it has changed" which calmed him down slightly and I got an agreement out of him.
He sort of pissed-off-ed-ly put down the phone after saying goodbye still, but it was seriously an adrenalin rush having this guy yell at me.
And at the end of the day I was like "Fire me? I don't have a job! lol"
Plus the company I did this for has known me for about 7 years now, I doubt they'll listen to him. And that's my story.
so sorry guys, I can't do any work for you because I can't find anything cause I'm blacklisted
So in May (I think) I get a call from someone who'd like me to analyze a website/service for them as they'd like to invest in the idea and get some big players (like Sasol) involved.
Now the basic idea was/is, to sell vouchers for you to be able to play the lotto on your phone (via WAP) at petrol stations by loading the voucher onto your account (the web one, not the phone) and playing your favorite numbers like that.
At first glance you guys probably agree with me... but wait... there's more...
So I went and registered with my phone, not much hassle but the registration process could be streamlined a bit. I immediately started getting SMS notification on upcoming lotto draws (usually for that day, and an extra SMS if it was a big guaranteed one, sometimes even if the rugby was on and we won etc). And also the results of the draw. This wasn't even that I played the lotto through their system, but I got the SMS'es
So a few weeks pass and I get the chance to fully evaluate the system as a 3rd person. They briefed me more or less what they wanted me to do and report on and how they were briefed by this company so I went ahead and did what I do best...
I got quotes for the proposed scratch cards for voucher numbers
I checked out on average how many SMS's they send out each week to 1 person
And all I did was run the numbers. The business would lose approx. R55000 per month if they had 10000 users spending R100 each on the lotto. The lotto kickback is only something like 3 or 4%. So you can imagine they had the odds stacked against them with distribution of the vouchers, paying dedicated staff to handle the lotto machine feeding it tickets until the (proposed) 8pm cut off time (something I know competitors have made till 4pm due to volume) so yea.
I also checked the (ASP) site for minor SQL injection attacks. none existed (to my knowledge) and I logged in. I was able to buy R1000 worth of lotto tickets that went into play almost immediately and stayed that way for about 3 weeks with bogus credit card details I gave the site. So...
I highlighted the negative points AND positive points of the system and proposed some of my own ideas. I felt the report was kind of cool seeing as though I'm objective, gave constructive criticism and that they can make a call from there ...
Then for some reason my contact details were either given to this guy, or the report was shown to the guy (guy in question is the owner) and he phoned me up and flipped his lid. Went ballistic that I didn't even bother phoning him to hear his side of the story so I apologized and told him that I did highlight some of those points in my report, how to fix them and how to go forward and that it wasn't all negative.
So he "explained" to me how it would work. That this is just a test run, that what I did was a fluke and shouldn't have happened and that SMS's would be charged for etc. (Because that was the bulk of the money they're losing out on)
My SMS's then stopped for a couple of weeks, and ... .boom... started again.
I tried logging into their website to see if there's an unsubscribe feature for it, but my password didn't work anymore (gee I wonder why). Then I e-mailed them to get my password (nobody received my email it appears) and I even tried keywords on the SMS like "stop" etc which didn't work (there was no unsubscribe message on the SMS)
So I complained to WASPA. At first the network denied ever sending my cellphone any sort of SMS, I then gave them evidence, specific time and dates and yesterday, boom. My number got unsubscribed by WinSMS and I got one saying I was unsubscribed and if I still had problems to please contact xyz.
A few hours later I get a call from JHB. Now some of my clients are there, the number looked familiar so I answered.
Same guy, started screaming at me and how I was going to be fired and that I'm a **** and won't get work in this country ever again. (This amused me because I don't work for anyone, I work for myself, and besides 90% of my work comes from overseas atm)
He claimed I hacked his website and he's going to phone my boss and tell him to fire me blablablablabla. So I calmly explained to him I couldn't log into their website to turn anything off and that my emails for support went unheard. He said (no suprise) they didn't get any email so I said "ah, well, that explains why I had no joy,it was probably spam filters"
He then has the nerve to go, "Yes but what RIGHT have YOU to complain. You hacked my site". So I told him I do have the right to complain as a human being and a consumer. He then threw the hacking into my face again and I told him, as a cellphone consumer from MTN, MTN are bound by law to adhere to WASPA and I do have the right to complain if I can't get removed from someone's SMS list.
He calmed down a little and then started yelling again about me hacking their site and that my password is blank anyway, so I told him, "First off, I registered legitimately via my cellphone, this explains why my current password didn't work" (I felt I had to leave out the part that their website obviously doesn't work as intended then to not piss the guy off more). "... and the 'hack' was simply entering fake credit card details in your system which you accepted, and explained to me at a later date how it worked and that it has changed" which calmed him down slightly and I got an agreement out of him.
He sort of pissed-off-ed-ly put down the phone after saying goodbye still, but it was seriously an adrenalin rush having this guy yell at me.
And at the end of the day I was like "Fire me? I don't have a job! lol"
Plus the company I did this for has known me for about 7 years now, I doubt they'll listen to him. And that's my story.
so sorry guys, I can't do any work for you because I can't find anything cause I'm blacklisted