Email: 420Magazine Admins Put Down Bong; Patch Website
I got a late night email exchange from the administrators of 420magazine.com, a website that I reported had been delivering malware to its stoner readership. The gist of their email was “Dude! Totally not our fault!”
Email exchange below. Read from the bottom up. 420’s responses in bold:
It’s a security hole found in the banner rotation software, not the banners and has nothing to do with our sponsors.
You better hope it doesn’t happen to your site one day, from a plugin or script that got hacked.
Happens every day, it’s not our fault.
Greenest Regards,
Webmaster
—————–
Subject: Re: 420 – Malware
No, you choose shitty ad partners to maximize profits from stoners. You promote their ads and potheads get their meager bank accounts drained by installing botnets on their computers.
Just roll another fattie. Don’t worry. Be happy.
Will you admit your mistake to your users and offer free credit monitoring? Or hope they are too baked to notice that money goes missing from their accounts?
———————
On Aug 8, 2014, at 11:45 PM, “Webmaster” wrote:
It’s a security hole in our banner ad software that we’ve been working on for the last 9 hours and are almost done.
We feel like shit because of it, how do you feel for making fun of other people’s pain?
Greenest Regards,
Webmaster
————-
Subject: Re: 420 – Malware
That’s awesome! So how do you feel about delivering malware to potheads?
————–
On Aug 8, 2014, at 7:54 PM, “Webmaster” wrote:
We don’t have time for Twitter, don’t even look at it.
Our first priority is our own website, second is Facebook and Twitter just re-posts our Facebook posts.
We are a small company with a small staff and simply do not have the help to maintain it, sorry to let you down.
Greenest Regards,
Webmaster
—————–
Subject: Re: 420 – Malware
You not know how it works? #shame
——————
On Aug 8, 2014, at 7:25 PM, “Webmaster” wrote:
We do not reply to Twitter.
Greenest Regards,
Webmaster
——————
Subject: Re: 420 – Malware
BTW I tweeted u guys prior to publication and received no response.
————-
On Aug 8, 2014, at 7:04 PM, “Webmaster” wrote:
Hi Pat,
Did you write this?
Thank you.
Greenest Regards,
Webmaster
They claim it’s taken nine hours to patch an ad rotation banner plugin that had a vulnerability. Pretty sure that’s a copy and paste job from source code. I think if I were stoned constantly, it would take me 9 hours to copy and paste code too. I’m sure these geniuses aren’t sitting around a whiteboard stepping through lines of PHP code to harden their security. Probably watching Cheech & Chong movies and wearing Doritos packaging like feed bags.