solarforceflashlight-sales.com - member list accessible by public

Like you said, they acknowledged the mistake and quickly fixed it. I haven’t bought anything there for a while, but I don’t see why I shouldn’t continue to do so. Their prices and customer service is pretty good.

As for my online information, I guess that is the price we all pay when we do shop online. We hope that these online stores have it in our best interest to make sure our information does not go to those who are not meant to get access to it. It just happens to be, things like this just happens.

Same email here too.

Its always wise if you ask me. Even with CC companies and PayPal there is limited security so a website is bound to have less than ideal security. Any step you can take to minimise risk makes it harder. They dont need your full name anyway, Mr Whatever your last name is should be ample.

I will buy from them again, probably not too long from now, but it was pretty sloppy if you ask me. Especially when you consider the extra access Toykeeper and Helios managed without trying too hard, and without malicious intent.

Breaking news:

Solarforce has changed its sales policy to “pay what you want,” enabling anyone to choose how much to pay for their products.

Try to be nice… SF were probably deceived by a web design company which claimed to be more competent than they really are, and it’s probably going to cost quite a bit to find someone who knows what they’re doing and rebuild it correctly. Competent web developers aren’t cheap.

Aircraft aluminum ..?

I've always wondered ....Is that from old planes ?

Hi everyone,

If you know how to gain access to their admin page, please do NOT post how to do so publicly.

Additionally, please send an email to Solarforce urging them to submit a Google Cache removal request at this URL:
https://support.google.com/websearch/troubleshooter/3111061#ts=2889054,2889060

If anybody else knows how to submit a Google takedown request against a site you don’t own, I’d appreciate a link. I tried to submit a takedown request, but Google’s convoluted “troubleshooter” process just goes in circles and doesn’t allow me to submit requests against a site I don’t administer.

I thought products required a login even before they fixed the member list. :~ Was there another vulnerability or just an extremely weak password? Brute forced it?

It looks like there is an unfixed vulnerability still. If anybody knows what it is, please do NOT post it. Thanks in advance!

Thanks for this, Sb. There are literally hundreds of pages to request. :~

Yes, and unfortunately I believe that Google’s cache removal tool for the site administrator requires manually adding each URL, and wildcard * matches aren’t available.

Incorrect, when you recycle your flashlight they will use it to make airplanes, aluminum for the skin, circuitry for the autopilot and LED for the onboard heaters.

Right, but even if you would find the correct link (I didn't) they wouldn't take it away, because: (see "will not")

If your going to be incompetent might as well go all out! :bigsmile: :~

Actually, not that many cached. I filed over 50 pages with only two duplicate. Hopefully others are sending requests.

I'd suggest anyone concerned of their personal information to:

1. Go to http://www.solarforceflashlight-sales.com/member.php

2. Log in (with your own account)

3. Move mouse over the "Hi, <your name>" on the upper right corner

4. Select "Modify profile" -> remove name, telephone & address (= replace with some nonsense)

5. Save changes with "Update"-button

This will leave your email address visible, but effectively removes other personal information.

http://www.willtec.com.hk/services

Glad BLF can assist them in their ongoing learning.

H)

My personal info now reads:

Name: quijibo
Telephone: 99999999999999999999999
Address: Get some better web developers!

Thanks on the tip on how to update your profile the, changed mine!

Now how do you change the cost of all the lights to $1 ??? Just kidding! :bigsmile: