comment by Devac
Devac  ·  2726 days ago  ·  post: A nice Hubski feature that you might not know about…

No, no. I have confirmed that it can't be used in such a way. Although I did find a way to do so about half a year ago, which mk had fixed in under an hour if memory serves.

Sorry if my writing wasn't clear.

EDIT: By the way, while I do sincerely appreciate your response and fast acting, for future reference please assume that I'm not that irresponsible ;). When/if I find a security problem, mk is informed about it ASAP via private message. I wouldn't make a friggin post with a guide on "how you can breach someone's privacy" and make it public like that. I know what I'm doing. ;)





cgod  ·  2726 days ago

People put a lot of personal stuff in PMs, so if you think you have found a way to get into them, or even part of a way, message someone who's in charge with the details. Please don't post it for other people to put together their "ruin someone's life" kit.

user-inactivated  ·  2726 days ago

Unless I'm coming in too late and there have been multiple edits since, I think it's been clear that protocol in such a case has been dealt with in the way you've described. Seeing as both Devac and I have done so, I think it's safe to have hope that Hubskiers wouldn't do that. :)

Devac  ·  2726 days ago

There were no unmentioned (by me, but I don't recall changes to cgod's posts) edits other than correcting stylistic mistakes (a missing comma, repeated words like "be used be used"). Plus, in all honesty, if I ever wanted to do anything malicious, I would just do it. I even told mk so during the correspondence half a year ago, that I'm happy he didn't:

1) ignore me completely (like a few website owners before; this included a fairly large electronics store in the Czech Republic where I had accidentally obtained access to credit card info of their customers).

2) threaten me with authorities for an 'obvious' hacking attempt (their proof was a private message where I had carefully explained how I found an exploit and how they could recreate it. You know, like any true '90s attacker would do to help them seal the breach to give myself a challenge).

Since I feel like I'm digging a hole for myself… mk - if this thread goes south, would you mind vouching for my side of the story? :P

mk  ·  2726 days ago

Vouching. You have done us right in the past.

We are fixing this.

Devac  ·  2726 days ago

Thank you! Sorry to bother you, but as mentioned earlier I did have some nasty experiences and accusations before.

Regarding 'fixing': aside from that robots.txt remark in the original post, there's nothing that I would call a bug or problem. I'll repeat that switching /pup/ to /print/ did not grant me any additional access when testing with a different browser where I wasn't logged in (and frankly I made the test before and after purging history and cache, just to be sure (EDIT: changed the sentence because I have realised that it doesn't have the same logical sense as the previous "it had its cache and history purged before and after making the test", sorry)). Although while I have your attention, I made another discovery:

When I was looking at the homepage I noticed this under my post:

What's weird is the fact that there is no post by am_Unition. However, after going forward to the post link, it turned out to be private. My logic is that the information about someone making a draft can be accessed in this way. Hardly what you would call a security concern, but it did strike me as odd.

am_Unition  ·  2726 days ago

Let the records show that yes, it was a draft.

Devac: I had also begun to type a paragraph about what I knew about Mach, but I was two sentences in by the time I hated it. I'm just too busy right now to really contribute much around here :(.

Devac  ·  2726 days ago

And thus I am correct, thanks for confirming my idea.

About the drafted response, I get that. I know that you don't really have the time to be here often, which did not go unnoticed by the way, but I will shamelessly ask you to get back to it when your rush ends. Even if it is years from now, I'm still going to be curious about what you wanted to say. ;)