It turns out that the travel reservation site 'I see people other than you now' was a lie
When searching for accommodations or boarding passes on accommodation reservation sites, flight reservation sites, etc., a small message next to the search candidate such as “None of you are watching the same page now” is displayed. There are times. In overseas travel reservation site OneTravel, security researcher Ophir Harpaz discovered that this displayed number was not a real-time number of simultaneous connections to the page, but actually a random number.
When Mr. Harpaz tried to reserve a boarding pass for an airplane with OneTravel, it was said that '38 people are checking this boarding pass', in order to expedite the reservation purchase. “Is 38 people checking?” Harpaz was impatient, but he seemed to have doubts that 38 people were checking this boarding pass.
[1/4] Ok this is really funny, check this out.— Ophir Harpaz (@OphirHarpaz) October 16, 2019
I was in the process of booking a flight via @OneTravel . Trying to make me book ASAP, they claimed: '38 people are looking at this flight'.
Whoa, 38 is a lot, I have to hurry up.But first I have to check how they came up with 38 >> pic.twitter.com/UaGhaiCQrR
Therefore, when Harpaz confirmed how this number was acquired, it turned out that the class name of the element corresponding to “38” is “view_notification_random”.
[2/4] Right click and a quick 'inspect' on the number, I found out the element's class name is 'view_notification_random'.— Ophir Harpaz (@OphirHarpaz) October 16, 2019
Awesome variable naming guys.
So you're _randomly_ trying to freak me out.Alright >> pic.twitter.com/xnL3hsZLP5
[3/4] So what's your sophisticated pseudo-random algorithm?— Ophir Harpaz (@OphirHarpaz) October 16, 2019
Apparently, OneTravel are choosing a number between 28 and 45.
Because as you all know, based on serious psychological research, these numbers tend to make people book their flights fast #sarcasm # not42 >> pic.twitter.com/r2IrYhxr28
Isn't this way illegal for Harpaz's tweet? There are many voices.
“I don't know what will happen in the US, but in the EU, OneTravel is penalized for scamming consumers.”
I do not know the laws in the US, but within the EU this company would get a penalty for consumer deception.— Christopher Dosin (@christopherdosi) October 18, 2019
Some people sympathized with the site developers, 'Maybe the developers haven't agreed with this method, so they didn't hide the source code on purpose.'
Maybe the developers don't agree with the practice so they are not putting effort in hiding it ????— David da Silva @ LDN ???????? (@dasilvacontin) October 18, 2019
On the other hand, 'Math.random () is not secure for encryption. I use Crypto.getRandomValues (),' and some people messed up the code for random number generation.
Math.random () isn't cryptographically safe. I'd rather use Crypto.getRandomValues () ????— Cl1pp0 (@ cl1pp0) October 19, 2019
in Web Service, Posted by log1i_yk