A curious story, this exchange between Ryanair and Jason Roe (a customer of the airline and also a blogger).
The story goes as follows: Roe discovers a bug in their online booking site that lets one order seats... at no charge! He is amused by it and tells the company about it via his blog. He could have quietly taken advantage of it and discreetly told his friends; but no, he shares it and makes it known. Good.
Imagine his surprise at receiving a reply full of contempt and conceit!
Here are comments 10 and 15 from the company:
jason!
you’re an idiot and a liar!! fact is!
you’ve opened one session then another and requested a page meant for a
different session, you are so stupid you don’t even know how you did it!
you don’t get a free flight, there is no dynamic data to render which is
prob why you got 0.00. what self respecting developer uses a crappy CMS
such as word press anyway AND puts their mobile ph number online, i
suppose even a prank call is better than nothing on a lonely sat
evening!!
and also
Hehe - I found a bug that lets me show anything I want on your site.
All I have to do is put something along the lines of
javascript:void(document.write('hehe')) into the address bar, and I can
do whatever I want with your site ( or indeed any other site ).
I’m not sure what you think you’ve achieved here - that wouldn’t
have gotten you through to the back end. You wouldn’t even have been
able to enter passenger information.
You must never have seen a decent exploit, if you think this is something worth bragging about.
There is another exploit you could try - wait until we’re running a
promotion when we give away a million odd seats for free anyway.
Stronger still, comment 26:
Website is not perfect, Life is not perfect…
If you would work in your pathetic life on a such big project in a such
busy environment with so little resources, you would know that the most
important is to have usual user behavior scenarios working rather than
spending time on improbable and harmless things.
We very well know about these anomalies and unless it is not critical we are not going to sacrifice time to this.
If you would be a serious programmer you would know these things and
would not post any of this on the web if you would think it can cause
us troubles, but you would report to us directly.
Even you did not discover anything major you are still trying to benefit from this.
If I would be you I would think of consequences this can have.
If you would be a serious developer you would work out your About page
as well. Or is this really about you? What is that bunch of links
there? I could give my review of those websites and it would not be
positive probably, but really I don’t know if you actually worked on
them or what exactly you did and how big influence you had to make
changes there. So keep working on yourself and don’t post bollocks.
One almost comes to doubt that it is the official representative of a company speaking this way, or that this employee wishes his company well! I am not even talking about the devastating effects this can have, simply about politeness and respect.
And yet these comments do indeed come from a member of Ryanair's staff, as Roe himself confirms (comment no. 401).
In the end, it hardly matters for Ryanair: the damage is done. The story was merely picked up... by CNN on 25 February, less than a week after Roe published his article. His post has merely received... 504 comments on his blog, and it could well pass 1000.
"Let us leave the bloggers to their blogosphere; we are too busy working, they say".
Magnificent. Huge.
