Bonum Certa Men Certa

More Microsoft Cashback Flaws, Cashback Actually a Throwback, Internet Explorer Gets More New Flaws (Zero-Day)

Cash register



Summary: Microsoft's plan to "bribe" users of its search engine are flawed and are actually costing more than they save; New risks for Internet Explorer users

LAST WEEK we wrote about a Cashback flaw that led Microsoft to intimidating and harassing a blogger rather than fixing the problem [1, 2]. Mike Masnick writes about this leading to the revelation of only more problems.



I'd been meaning to write this up for about a week, but finally got it around to it, just in time to add some additional info. First up, though, comes the news that Microsoft's legal department demanded a blogger remove a blog post about flaws in Bing's Cashback offer (Microsoft's attempt to bribe users to search via Bing instead of Google). One of the methods for the cashback offer involved pixel tracking, and blogger Samir Meghani noted that this was easily gamed to post fake transactions to your account. He also noted problems with the way Microsoft used sequential IDs, allowing potential scammers to "deny cashback rebates to legitimate users by using up available order ID numbers." Instead of dealing with these flaws, Microsoft lawyers sent a cease-and-desist and forced the blog post offline. I'm actually quite surprised this hasn't received a lot more attention.


According to this new report, Bing cashback can actually be negative, i.e. only giving an illusion of savings.

So, if I go directly to butterflyphoto.com, I pay $699 with 0% cashback. If I use Bing Cashback, I pay $758 with 2% cashback, or $742.84. Using Bing cashback has actually cost me $43.84, giving an effective cashback rate of -6.27%. Yes, negative cashback! Is this legal? False advertising? I don’t know, but it’s pretty sketchy.

The problem doesn’t end there. Using Bing has tainted my web browser. Butterfly Photo set a three month cookie on my computer to indicate that I came from Bing. Any product I look at for the next three months may show a different price than I’d get by going there directly. Just clicking a Bing link means three months of potentially negative cashback, without me ever realizing it. I’m actually afraid to use their service even just to write this, because it may cost me money in the future. If you’ve been thinking about trying out Bing Cashback, you may want to rethink that.

To be fair to Microsoft, they aren’t offering negative cashback on every item at every store, but I know of more than a few instances. Let’s see if/when they decide to remove this “feature.”


So, it turns out that there is this other flaw in Cashback, albeit of a different kind. And a few days ago we wrote about an Internet Explorer 6/7 zero-day flaw which Microsoft finally confirms.

Microsoft has published Security Advisory (977981), confirming reports of a "zero day" vulnerability in Internet Explorer 6 SP1 and IE7. If you were thinking of upgrading to IE8, this would be a good time to do it. Microsoft says there have been no known attempts to exploit the security hole, but this could change at any time.


Another major bug in Internet Explorer is said to have just leaked private details from 50 million PDF files.

A bug in Microsoft's Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.


As another last item, Cameron Neylon is quoted as follows: "would you...contribute to a survey on tech uptake...survey only available to those using Windows and IE"

Glyn Moody asks: "possible bias?"

Well, of course. Many surveys are just like that. By selecting the population that they reach they can impact ("cook") the outcome. Microsoft does this a lot to discredit competition.

Recent Techrights' Posts

It's FOSS? No, It's SPAM.
Another sellout
Techrights is Officially an Adult
this site's eighteenth anniversary
Technology: rights or responsibilities? - Part IX
By Dr. Andy Farnell
 
Links 05/12/2024: Mass Layoffs at Microsoft's PR (Bribery of Media) Agency, UnitedHealthcare CEO Shot Dead
Links for the day
GNU/Linux news for the past day
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 04, 2024
IRC logs for Wednesday, December 04, 2024
Links 05/12/2024: Formaldehyde and Cancer, US and China Boycotting One Another
Links for the day
Gemini Links 05/12/2024: Hermeticism, Living in the Shell, and More
Links for the day
At the OSI, Microsoft Operative (Funded by Microsoft) Promotes Proprietary Software of Microsoft
The OSI is deeply corrupt. The good news is, it's barely hiding it anymore.
Links 04/12/2024: Social Control Media Thoughts, Enrons of 2024, and More
Links for the day
Gemini Links 04/12/2024: Soviet Esotericism, Mikrotik is Awesome, and More
Links for the day
Many Geeks' Achilles Heel: They Don't Take Computer Breaks
Life can get longer if you stay healthy
[Meme] Silicon Valley's "Successful Businessmen"
Debt is not a currency
Visualising About 0.7 Trillion Dollars of Debt in Supposedly "Successful" Tech Companies
If they're doing so well, how come they borrow so much money (which some would struggle to pay back or never manage to pay back)?
Single-Digit Microsoft: Windows Finally Falls Below 10% in Angola
it's only a matter of time before Windows is down to 5%
Coming Up With Topics to Cover and Issues to Comment on
Socialising is a big part of it
In Asia, Microsoft's Bing Became Smaller Than Yandex and It Shrinks Every Month
How long before Microsoft pulls the plug on Bing?
[Meme] Far From What Was Originally Intended
Makes site about RMS; Deletes his own 'site'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 03, 2024
IRC logs for Tuesday, December 03, 2024
Illuminating Microsoft's Dirty Tactics
Criticising illegal things that Microsoft does can be classified as "Microsoft bashing" or "hatred"
Proof That Drew DeVault Vanished From Mastodon After the RMS Attack Site Was Linked to Him (and People Pointed Out DeVault's Fascination With Animated CP, Drawings of Naked Kids)
We assume he just wanted to vanish from Mastodon
Maybe Bill Gates is Getting Demented Like His Late Father (He Says Things That Are True But He's Not Supposed to Say in Public)
It happened in a podcast with Reid Hoffman
We've Clearly Struck a Nerve
Microsofters and Microsoft proxies have meanwhile lost their temper
The Userbase of GNU/Linux is Growing, Investments in the FSF Grow Too (in Spite of Microsofters Inciting and Slandering It)
The FSF's expenses are close to 2 million dollars a year
Links 03/12/2024: Pat Gelsinger's Firing Spun as 'Retirement', US Exports Land Mines
Links for the day
Links 03/12/2024: GrapheneOS, Raspberry Pi 4, and More
Links for the day
Links 03/12/2024: Googlebombing "Windows 12", Games Preservation, and Public Domain Game Jam
Links for the day
Steven J. Vaughan-Nichols (SJVN) 'Works' for Linux Foundation (LF) on SPAM Campaigns, Just Like Spamnil's TFiR (Swapnil Bhartiya)
How can he publish something like this under his name?
Microsoft's Debt Ratio is Awful
It owes almost 150% of what it can give
Microsoft Has Already Laid Off Tens of Thousands of Workers, "Headcount" is Misleading Spin From Microsoft-Funded Sites
Expect Microsoft to suck up to Trump, looking for more bailouts (those typically manifest themselves in the form of "defence" contracts)
South America: GNU/Linux Grew to 8.15% Venezuela, Steadily Over 3% Overall
holding steady above 3%
Clownflare (Cloudflare) Debt Grows, Losses Continue
debt of nearly $400,000 per employee
Gemini Links 03/12/2024: December Adventure and Social Justice Gone Wild
Links for the day
Microsoft Windows Falls to 12.5% in Cuba, Android Soaring
Windows isn't even doing too well on desktops/laptops
[Meme] GAGAM: Google, Apple, Gulag, Amazon, Microsoft, and the Rest
The Web has never been more dangerous and hostile
ChromeOS Isn't Freedom, But It's Killing Microsoft's Ability to Profit From Windows
ChromeOS has shot up to 22% in Sweden
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 02, 2024
IRC logs for Monday, December 02, 2024
The L Word (Not Linux)
Championing Software Freedom is "dangerous"
Did IBM Layoffs Stop? Ask Dr. Krishna, The 'Genius' of IBM...
Trust AK to solve all the problems of IBM by creating bigger problems
It's Easy to Snyk in Marketing SPAM (and FUD) Into BetaNews
The latest marketing piece (disguised as information, not shameless self-promotion)
[Meme] Sportwashing vs Code of Censorship (CoC)
Expectation of censorship (censor for me... or else!)
GNU/Linux at 4% in Algeria
So it more than doubled since last year
With 4 Weeks to Go (Before the End of 2024) the FSF Has Already Raised Close to 100,000 Dollars
The FSF must be doing something right
"Linux on the Desktop" (Less Than a Third of Web-connected Computers Still a Desktop or Laptop)
It's like we're chasing a goal that's 2 or 3 decades in the past
[Meme] The Failure of Microsoft Rebranding Campaigns
market share down, costs soared, back to basics
2 Years Have Passed Since ChatGPT Vapourware and Bing Gained Nothing, Yandex is About to Overtake Microsoft in Search
A cause for concern at Microsoft?
GNU/Linux Rises to 4% in Ireland, ChromeOS Grows and Android Takes Windows' Lunch
Windows down to 22%
[Meme] Meanwhile at Intel (Where the CEO Got the Boot)
Well, if taxpayers pay to save Intel, then Intel should be publicly owned (by those taxpayers)