|
chukslist (m)
|
We just launched www.chukslist.com . Please take a look at the site. The chukslist team will appreciate your honest comments! |
|
|
|
|
|
Seun (m)
|
Very pleasing design.
|
|
|
|
|
|
yawa-ti-de (f)
|
Nice layout. By the way, I just sent you 5 blank emails, my way of saying you should do something about your form validation  |
|
|
|
|
|
chukslist (m)
|
@yawa-ti-de, interesting name by the way, I am definately not a techy, I am handling marketing for the site, but what do you mean by form validation  , and u said you send me blank emails??? |
|
|
|
|
|
chukslist (m)
|
I am glad you like the site, please sign up, the user base is growing daily, and i'm sure the site could be of use to you if u are into any king of sales or own a business and need to advertise, Please tell your friends, we appreciate you.
Thanks for taking the time!
|
|
|
|
|
|
chukslist (m)
|
yawa-ti-de, I just took a look and saw the blank emails. I will foward your comments to the tech guys to see what the have to say about that, may be a loophole! thanks for the heads up! |
|
|
|
|
|
nitation (m)
|
@ Chuklist I think you gonna report more bugs to your techies. The look and feel of the web page is great, but the security of your members wasn't checked thoroughly  Take a look at this. An attacker could deface your website without your knowledge  Proof of concept [] - nitation |
|
|
|
|
|
chukslist (m)
|
Truely disturbing. I thought the web server usually prevents this , and the main loophole for this would be some form of social engineering that would leak your password. What's your take on the solution? I appreciate all comments about the site, more are welcome!
|
|
|
|
|
|
nitation (m)
|
I think all you need to do now is to speak to your tech guys about the fix. i don't know how to start explaining!
- nitation
|
|
|
|
|
|
chukslist (m)
|
Most definately. A meeting has been set up.
Thx
|
|
|
|
|
|
Don4life
|
Nice Site u Got |
|
|
|
|
|
chukslist (m)
|
Thanks, Please register, tell your friends and be sure to use the site, the platform can only get larger!
|
|
|
|
|
|
*dhtml
|
Yeah right, the layout is nice. My reviews . . . guess yawa has already said it all and nitation too . . .
|
|
|
|
|
|
nitation (m)
|
@chuklist Why don't you secure the webpage first before requesting for sign ups?? Every variable used on that website is vulnerable to an attack. Am not trying to brag here but it's important. What does it profit an application with 3 million active users but vulnerable to database disclosure???  Maybe someone can help me with the right english. - nitation |
|
|
|
|
|
*dhtml
|
I think i want to start selling emails sef, harvesting emails from all of these them free-for-all sites will be a great source of business. . .starting off with 3 million emails will not be a bad idea . . . lemme start getting the sql injections ready . . .
|
|
|
|
|
|
chukslist (m)
|
@ nitation,
Your comments are being taken seriously, and we are taking the necessary steps to ensure security of our user information, between the tech group and the host. I am I marketer, I report my field findings, and I let the techs do their job. I most definately will do mine and continue to get people to take a look at the platform,
Besides comments regarding security, we get recommendations for additions to improve functionality, area coverage, etc. The website will be dynamic based on user demand.
From my novice standpoint, data backup will be my suggested priority. I feel as though if top tier security companies like trend micro, and top IT companies like Google and Microsoft, and social websites like Facebook, could be soiled, then no one is really secure. The key would be taking necessary basic steps, be more enabling than defensive about security, and if there is a lag in the basics of chukslist variables, then the techs have their work cut out for them.
Work is beign done right now to verify and fix the lapses. So you can be sure that user data security is our priority. Your concern is appreciated and is being take seriously. So feel free to register and spread the work about chukslist. I don't know if you have a business, we also advertise for businesses.
We just helped a user get a great deal on a Honda Accord 2005.
Your english is seamless! I hope mine is.
|
|
|
|
|
|
nitation (m)
|
@ chuklist
Kudos.
- nitation
|
|
|
|
|
|
Sam Milla (m)
|
flexible and good layout. havent spent much time on it though.
|
|
|
|
|
|
Seun (m)
|
It's not ok to go about hacking sites and spamming people. Ethics are also important in business.
|
|
|
|
|
|
chukslist (m)
|
Thanks for the feedback Sam and Seun.
Seun, are you getting spammed?
|
|
|
|
|
|
nitation (m)
|
@ Seun
I do not think you understood what the poster requested. From my view, no one has soiled the website in question for any personal gain. It's better to point him now to his errors, rather than allowing someone out there does it.
Point me if am wrong!
- nitation
|
|
|
|
|
|
ztyle (m)
|
Perfect Site, No Critic - just splendid. |
|
|
|
|
|
*dhtml
|
I am not planning to spam anyone, i am just trying to get the guy to work on his security, it is very important. . .
But as you know, if you know how to create security, then you will also know how to break, i am sure nitation agrees
with me very well on that one. . .
|
|
|
|
|
|
|
|
nitation (m)
|
@ Dhtml
Very well. I am still waiting for Seun to explain himself.
- nitation
|
|
|
|
|
|
*dhtml
|
. . .
@poster: i hope you have started working on your security. . .what i notice is that many of our Nigerian developers (at least the ones i know, me inclusive)
do not usually bother about security, not even md5 sef, they just do the thing, collect their money and rush off to the next project. . .
|
|
|
|
|
|
chukslist (m)
|
Yes dhtml, we are working on it, I agree with you, most developers push security to the end of the SDLC, as a rule of thumb, it should be done as early as the feasibility study phase, and no later than the design phase,
Thank
|
|
|
|
|
|
Don4life
|
@seun well u never replyed me why?
|
|
|
|
|
|
*dhtml
|
Yes dhtml, we are working on it, I agree with you, most developers push security to the end of the SDLC, as a rule of thumb, it should be done as early as the feasibility study phase, and no later than the design phase,
Thank
That is why you need to [lagos-slang] shine your eye[/lagos-slang] meaning you need to be observant when you give your work to web developers. . . You need an expert's advice to be sure you are getting good value for your money. . .at least even if the developer is not a security expert there are still some slight stuffs you can add to make it somewhat more secure. . . |
|
|
|
|
|
chukslist (m)
|
@ Ztyle, Sam milla, and other Nairalanders, do you own a business?? We are setting up free ads, Soulmate Industries, a major Nigerian cosmetics company just signed up for ads on Chukslist, others to come,
Since chukslist has roots in Europe and the US, one of our areas of growth as suggested by users will be business relationships between Africa and the rest of the world,
Eventually, businesses abroad will post items on Chukslist, and interested buyers in Africa can get cars, etc for what they are really worth and not the over-rated prices after shipping,
Chukslist will be the middleman and ensure transparency, please comment if you have questions about this,
|
|
|
|
|
|
*dhtml
|
Iight man. . .we are on our way. . .with our blockbuster ads. . .
|
|
|
|
|
|
![Nairaland [Nigerian Forum] Home](http://www.nairaland.com/Themes/default/images/english/home.gif)
Author
chukslist_vulnerable.jpg (83.8 KB, 1280x800 )
