|  | 
| 
 Hunt Thread Hey Guys I moved the Hunt thread to a more covert place for a very good reason. Let them deal with their software for a bit and we can discuss it some more after that. I think it's the right thing to do in this case. | 
| 
 I'm the guy that started the thread.  Not that it matters, but it was probably a good thing to move it for a bit.  That said, I'd like to follow any discussion that happens later.  If anyone thinks of it, could you shoot me an email with a link to the new thread once it pops up?  I only visit on rare occasions, so there's a good chance I'd miss it. Thanks, Drew | 
| 
 for those that don't know For those that don't know Hunt Auctions had a very poor situation with security in their s/w last night. It was allowing things to be seen that shouldn't have been, such as other bidders bids, contact info etc....(I think, I never really saw the stuff myself). I got a call from them last night asking if I could do something to help. I moved the thread from the front page to another area and renamed it so as to give them time to fix it. Hunts told me they were working on fixing it last night and they were supposed to let me know when it was done. They didn't ever get back with me. They also said they wished the original poster on this board would have called them about it. I guess he didn't, again, I don't know I am just going by what I was told. Hopefully they have it fixed by now. There really wasn't anymore info in the other thread than is here now.  At any rate that is the story. regards | 
| 
 I thought that I read in the original thread that he said he did call, talk to someone and sent them a link to show them how he was doing it.  That may have been his first thread on the memorabilia side.  As a semi-frequent bidder I would like to know when/if it was/is fixed. | 
| 
 Hard to believe that the state of the art auction software Hunt utilizes encountered any difficulties... | 
| 
 Has not been fixed FYI. | 
| 
 yikes Quote: 
 And Jeff (HRBAKER)- maybe he did call but Sonny, at Hunts, told me he didn't. Maybe if he did he spoke with someone else. | 
| 
 Maddening.  I've almost just given up on them.  I still peruse the catalog when it comes but I have a hard time with the small thumbnail pictures and weird navigation.  I'm computer savvy but that site is ridiculous.  Doesn't do anything you would expect it to.  And that front page with the swirling icons is hideous. And why do I have to keep seeing Michael Jordan everytime I go on their site. It's just odd. I could go on and on but have more important things to do... like ogle at John's back collection. :D | 
| 
 just called again After Jeff P's post above I called Hunts just this minute, again. Sonny told me he tried duplicating the issue while we were on the phone and it seems fixed.  That being said he asked that if anyone sees this issue not being fixed he would appreciate a call at 610-524-0822 to explain it. Just tell the person answering the phone that you are from Net54 and would like to speak with Sonny. He is appreciative of the help. And btw, he and I had a very good, honest discussion pertaining to their website. In no uncertain terms I let him know my thoughts on it and he is in agreement and says they are working on making it better. regards | 
| 
 Not fixed. | 
| 
 nm | 
| 
 Quote: 
 See you in Chicago. | 
| 
 I'm the original poster. I did call and talked to Sonny. I tried to explain it to him and then sent an email with a link showing him just how easy it was to see another bidder's information. After getting my email, Sonny thanked me for alerting him to the problem and said he would pass it along to the appropriate people. I'm happy to share a copy of my sent email if anyone would like to see it. To be fair, I did post to the message board first. Frankly, I suspected that many other people already knew about it, as it was so simple to see th information. I really don't have a dog in this fight at all. I was *stunned* to discover what I did, and I'm nearly certain that others were already aware of it. I am no computer whiz whatsoever. If I was able to see the problem, I'm sure many others did as well. In the end, I hope they fix the problem and that it did not cause any real problems. Should anyone want more information, feel free to email me using the forum link. ajw | 
| 
 I just looked back at my two posts from last night.  I made the first at 7:17 pm EST (or EDT, I can never remember which is which).  At 7:28 I made a similar post to the Collector's Universe board to alert that group of collectors.  I then made a nearly identical post to a different Net54 forum at 7:51 pm.  At 8:06 pm I posted a reply to that message, stating that I had called Hunt and told them about the problem. I guess someone could argue that I should have called Hunt first, but the chronology above is how it went down. ajw | 
| 
 no worries Quote: 
 | 
| 
 I'm no computer wiz either and tried to replicate the issue but couldn't.  I was using an iPad and a Macbook.  Maybe it's a fault with a certain browser?  What browser were you using?  I looked at the source code on the HTML and didn't see anything weird.  The URL at the top didn't change when looking at the overall bids and when you clicked on an item, it gave you the item URL which changed from the huntauctions.com.  I don't want details because ultimately I don't care but just wondering what browser you were using.  I generally can figure out these type things and on a call with HRBAKER last night I couldn't. | 
| 
 Because someone asked, I was using Firefox.  I also use the "No Script" add-on, so it's possible that blocking scripts somehow permitted me to see something I should not have.  I highly doubt that's the case, though, as I am nearly certain that you could do the same thing using Internet Explorer. I don't want to cause any more trouble, but I do think this is something that should be out there and discussed. To be honest, the information I saw would make it fairly easy to shill bidders. I have no idea if that happened, but that is the real risk here. With a minimal amount of computer skill, I suspect someone could have put together a list of every bid in the entire auction, along with the bidder's name and contact info. I have had at least one person ask me how I was able to see what I did. I'm confident I did not do anything wrong, but I'm not really sure I should share the information. I don't know if Hunt fixed their site, but I'm not able to see the same information in the same way I did last night. Another poster above said he was able to just a few hours ago. Perhaps he's more tech savvy than I am. Honestly, I think it might help if someone from Hunt showed up and made some sort of statement. I don't want to fan the flames any, but I also think that other bidders have a right to know what happened, why, and how Hunt is going to fix it. I'm obviously not a regular here, but I do really respect the Net54 community. I'm not trying to cause trouble, so please let me know if I step over any lines I'm not aware of. ajw | 
| 
 ajw ajw- You did every thing correct. Last night the person I spoke with said they aren't really allowed to post on chat boards. I doubt they will come on here to explain it. best regards | 
| 
 Ok, given that the auction is over, I've had multiple requests for the information and the knowledge that Hunt is apparently fixing the problem, I'm going to pull back the curtain and show people what happened.  Another reason I'm doing this now is because Hunt appears to have fixed the problem because I can no longer replicate what I was able to do on Wednesday night.  If anyone disagrees, let me know. A couple of weeks ago, I bookmarked the following URL because I could not figure out how to easily see the items I had bid on and their current status: http://www.huntauctions.com/phone/re...bidder_id=#### The "####" at the end was my bidder ID. After bookmarking this, I could view the page from other computers and did not need to log into see my bid status. On Wednesday night, it finally dawned on me that it was very strange that I could see my information without logging in. I looked at the URL and simply changed the #### to another number. Bam. There there was another bidder's name, address, email, phone and list of bids. The bids included not just their current bid, but also their max bid. It didn't take too long to determine the highest bidder ID number and then work backwards. I'm not a computer guy, but I suspect your local high school has dozens of kids that could design a simple program to plug in all possible #### combinations and save the bid information. That would probably give you a full list of every bid made to that point. Obviously, that would not be a good thing. Now that you see how easy it is, I am confident you will agree that it is unlikely that I am the first person to discover this flaw. I hope that no one used this to disadvantage other bidders. I further hope that Hunt will use this publicity as an opportunity to upgrade their website design. In fact, it was the lousy design that caused me to bookmark the page in the first place, thus leading me to my discovery. Does this all make sense? ajw | 
| 
 ajw, the issue is still not completely fixed yet.  Please see the PM I sent you. | 
| 
 Quote: 
 | 
| 
 Might be time for a website upgrade, or I guess we can fax in bids.  ;) | 
| 
 For a company that does several millions of dollars in business per year they can surely afford to move to the same auction design that just about every auction house besides REA is now using.  I was one to never complain about their archaic website because I didn't have any problems navigating it, but I wasn't even aware that they could see my max bid. | 
| 
 I don't even really look at Hunt anymore.  The software is so lame, the ability to search, etc.  It's a shame and there really is no good reason why they can't come into the 21st century with their platform. | 
| 
 I'm pretty sure their auction software will not support back scans as well. | 
| 
 thanks Quote: 
 | 
| 
 Quote: 
 To Hunt's credit, it took only two e-mails and a phone call before they finally provided the second scan. | 
| 
 They really don't put much effort into their monthly phone/internet auctions...especially if they list a lot.  I've won lots from them that had numerous items that weren't even pictured or listed in the auction description..some items that probably would have sold as stand alone items. | 
| 
 Quote: 
 | 
| 
 At least their easy to get a hold of over the phone. | 
| 
 I didn't bid on anything yesterday.   But i'm trying to recall if they have credit card numbers on file....if so I certainly hope that wasn't viewable.   :confused: | 
| 
 Where does one find their own bidder number? | 
| All times are GMT -6. The time now is 06:47 AM. |