14 comments

[ 3.1 ms ] story [ 23.6 ms ] thread
Is this legit? It doesn't look like it -- it just hammers (20 parallel connections) BinaryAge's ecommerce provider's site searching for all permutations of coupon codes.
It appears that's exactly what it's doing. Legit, no. The weakest thing I've seen on HN, yes. Come on guys, really.
The script makes 175760 permutations. For me the script takes around around 1.5 seconds to query the page each time. 175760 * 1.5 / 60 = 4394 minutes / 60 = 73.23 hours of constantly hitting the site. I'm not sure how the parallel connections it uses will impact the speed, but 3 days seems feasible. Not to say that this should ever be tried.
And yet it generated 200+ Valid License within 15 minutes. What about running it on EC2 instances ?
Seems like this python code is generating "working free licenses" for TotalFinder.
Yeah, it looks like it goes through each possible permutation of coupon codes for the BinaryAge Total Finder online store [1]. These codes seem to be in the format THANKSXXXX, where X is a random number/letter.

It generates a set of possible codes and then queries the website for each one of those codes. When it finds a correct coupon code permutation it outputs the code to the screen and writes it to a file. (Presumably so that the coupon can be reedemed for a free, illicit, copy of the program)

[1] http://sites.fastspring.com/binaryage/product/totalfinderfre...

Hi guys, TotalFinder creator here :-) And yes, I did not create that script.

First, big thanks to some HN guys to ping me so early. I had to shut down my coupon-based links for the time being.

Anyways I should thank those hackers, it looks someone did a promo action to my software here on HN ;-)

Love your Software. It is Awesome :D
I couldn't stand the fact that it was free for google and apple employees :)
quick question: how do you plan to improvize the free coupon system and make it more secure against these type of "weak" attacks?