incident Posted September 25, 2022 Report Share Posted September 25, 2022 I'll expand on this because I know it probably needs it. Simplifying some parts a bit here to avoid it getting too techy, but it still broadly holds. Yes, the server was online and could be accessed via the IP address. That doesn't mean the "door was open" though. Far from it. Going to http://123.456.78.9/ or whatever it was on the day wouldn't have been enough to get you "in". Try it - https://167.98.14.210/ is one of the servers that glastonbury.seetickets.com currently points to. But going direct to that address you'll hit two obstacles - firstly the security certificate on the server is tied to a domain name, and while that can be ignored the second issue can't. Namely that the server is configured to return the "regular" Seetickets web page unless it has reason to do otherwise - ie. that your browser has specifically told it that it's trying to get to the Glastonbury site. In other words - you'd have had to actively choose to configure either your Computer (hosts file) or your Browser (modified headers) to lie to the server. So yes - any half competent lawyer could make a case for unauthorised access and if Seetickets chose to interpret it that way, they absolutely could make it stick. Quote Link to comment Share on other sites More sharing options...
clarkete Posted September 25, 2022 Report Share Posted September 25, 2022 1 hour ago, incident said: I'll expand on this because I know it probably needs it. Simplifying some parts a bit here to avoid it getting too techy, but it still broadly holds. Yes, the server was online and could be accessed via the IP address. That doesn't mean the "door was open" though. Far from it. Going to http://123.456.78.9/ or whatever it was on the day wouldn't have been enough to get you "in". Try it - https://167.98.14.210/ is one of the servers that glastonbury.seetickets.com currently points to. But going direct to that address you'll hit two obstacles - firstly the security certificate on the server is tied to a domain name, and while that can be ignored the second issue can't. Namely that the server is configured to return the "regular" Seetickets web page unless it has reason to do otherwise - ie. that your browser has specifically told it that it's trying to get to the Glastonbury site. In other words - you'd have had to actively choose to configure either your Computer (hosts file) or your Browser (modified headers) to lie to the server. So yes - any half competent lawyer could make a case for unauthorised access and if Seetickets chose to interpret it that way, they absolutely could make it stick. Having a machine on a public facing ip address which someone accesses does not mean that it's been hacked. Their lawyer would look like a bloody idiot. Quote Link to comment Share on other sites More sharing options...
incident Posted September 25, 2022 Report Share Posted September 25, 2022 10 minutes ago, clarkete said: Having a machine on a public facing ip address which someone accesses does not mean that it's been hacked. Their lawyer would look like a bloody idiot. I don't know how to put this any other way. The only possible way to get access to the site via that server during that time frame was to deliberately configure the computer or browser to misrepresent itself. Ultimately, it boils down to that. While I don't think people doing so were in the wrong as such - and for reasons covered earlier nor do I think there was ever any likely prospect of See cancelling the tickets or taking any action against them - I don't see how anyone can credibly claim they'd not have been legally covered if they had. Quote Link to comment Share on other sites More sharing options...
UEF Posted September 25, 2022 Report Share Posted September 25, 2022 How that situation would actually pan out: See: "Did we make a sale?" IT bod: "Yes" See: "Very good" 1 Quote Link to comment Share on other sites More sharing options...
gfa Posted September 25, 2022 Report Share Posted September 25, 2022 On this topic, has anyone seen this before? Snipped for AM's tour. I know they are saying 4 tickets per person for whole tour but other artists must have done this before - however i've not seen anyone say this Quote Link to comment Share on other sites More sharing options...
dotdash79 Posted September 25, 2022 Report Share Posted September 25, 2022 3 minutes ago, gfa said: On this topic, has anyone seen this before? Snipped for AM's tour. I know they are saying 4 tickets per person for whole tour but other artists must have done this before - however i've not seen anyone say this If they were that bothered they would do a registration system like Glasto with photo. Quote Link to comment Share on other sites More sharing options...
gfa Posted September 25, 2022 Report Share Posted September 25, 2022 26 minutes ago, dotdash79 said: If they were that bothered they would do a registration system like Glasto with photo. Its a step in the right direction at least Quote Link to comment Share on other sites More sharing options...
Supernintendo Chalmers Posted September 25, 2022 Report Share Posted September 25, 2022 1 hour ago, gfa said: On this topic, has anyone seen this before? Snipped for AM's tour. I know they are saying 4 tickets per person for whole tour but other artists must have done this before - however i've not seen anyone say this I'd much prefer it if they banned certain secondary sales websites from selling them Quote Link to comment Share on other sites More sharing options...
clarkete Posted September 25, 2022 Report Share Posted September 25, 2022 3 hours ago, incident said: I don't know how to put this any other way. The only possible way to get access to the site via that server during that time frame was to deliberately configure the computer or browser to misrepresent itself. Ultimately, it boils down to that. While I don't think people doing so were in the wrong as such - and for reasons covered earlier nor do I think there was ever any likely prospect of See cancelling the tickets or taking any action against them - I don't see how anyone can credibly claim they'd not have been legally covered if they had. However you put it I would never agree it was "unauthorised access", unless someone did something to get past a level of authorisation or authentication - which in this case they did not. Quote Link to comment Share on other sites More sharing options...
parsonjack Posted September 26, 2022 Report Share Posted September 26, 2022 3 hours ago, clarkete said: However you put it I would never agree it was "unauthorised access", unless someone did something to get past a level of authorisation or authentication - which in this case they did not. That was my line of thinking also until I considered whether the absence of any level of authorisation or authentication then makes the access 'authorised'. Using the analogy of leaving your back door unlocked in error is certainly questionable from a duty of care perspective, but is still doesn't mean that access is 'authorised'. Quote Link to comment Share on other sites More sharing options...
gfa Posted September 26, 2022 Report Share Posted September 26, 2022 10 hours ago, Supernintendo Chalmers said: I'd much prefer it if they banned certain secondary sales websites from selling them Not possible Quote Link to comment Share on other sites More sharing options...
DeanoL Posted September 26, 2022 Report Share Posted September 26, 2022 (edited) With the server thing, I believe the IP address was obtained because the server was advertising it also, that's why people trusted it. You look up glastonbury.seetickets.com and it said it pointed to two IP addresses. For whatever reason the load balancer wasn't working and was sending everyone to a single address. I don't think opting to choose the other address in that case was misuse, as the name server was advertising it as a valid option. It's kinda like joining a queue and there's a big sign that says "use both lanes" and then when you reach the point where the queue splits in two, there's a guy there with his hand outstretched to the left and everyone is just going down the left queue. In those circumstances, nothing stops you going down the right queue, you'd just be ignoring the signal, having already been explicitly told that either queue is fine to use. I'm actually amazed that this whole thing is still so well-known but no-one in the years that followed and especially now has tried to take advantage of it for fraud (directing people to a fake server and stealing card details). I guess you wouldn't be able to replicate the registration system so that would look perhaps too suspicious. But I'd definitely be very wary of anyone promising a workaround during the sale these days. Edited September 26, 2022 by DeanoL 1 Quote Link to comment Share on other sites More sharing options...
Supernintendo Chalmers Posted September 26, 2022 Report Share Posted September 26, 2022 6 hours ago, gfa said: Not possible It would be if all the stakeholders wanted it to be. Quote Link to comment Share on other sites More sharing options...
gazzared Posted September 26, 2022 Report Share Posted September 26, 2022 8 hours ago, DeanoL said: With the server thing, I believe the IP address was obtained because the server was advertising it also, that's why people trusted it. You look up glastonbury.seetickets.com and it said it pointed to two IP addresses. For whatever reason the load balancer wasn't working and was sending everyone to a single address. I don't think opting to choose the other address in that case was misuse, as the name server was advertising it as a valid option. It's kinda like joining a queue and there's a big sign that says "use both lanes" and then when you reach the point where the queue splits in two, there's a guy there with his hand outstretched to the left and everyone is just going down the left queue. In those circumstances, nothing stops you going down the right queue, you'd just be ignoring the signal, having already been explicitly told that either queue is fine to use. I'm actually amazed that this whole thing is still so well-known but no-one in the years that followed and especially now has tried to take advantage of it for fraud (directing people to a fake server and stealing card details). I guess you wouldn't be able to replicate the registration system so that would look perhaps too suspicious. But I'd definitely be very wary of anyone promising a workaround during the sale these days. all sounds a bit tronnie 🤣 Quote Link to comment Share on other sites More sharing options...
K2SO Posted September 26, 2022 Report Share Posted September 26, 2022 11 hours ago, DeanoL said: It's kinda like joining a queue and there's a big sign that says "use both lanes" and then when you reach the point where the queue splits in two, there's a guy there with his hand outstretched to the left and everyone is just going down the left queue. In those circumstances, nothing stops you going down the right queue, you'd just be ignoring the signal, having already been explicitly told that either queue is fine to use. Off-topic, but this reminded me of something that happened to us at the festival this year. My girlfriend and I were queueing for the showers at Kidz Field. We were chatting with the two women behind us, having a good time whilst a group of 4 scouse girls in front of us stood there giving us filthy looks for the hour we were in the queue. When it got to the part where it splits into two queues, it seemed pretty clear to us that they had joined the queue for the right hand queue, so we walked past them and joined the left-hand one. These girls started kicking off at us, saying we pushed in front of them and they were queueing for both. We explained to them that it was clear there were two queues, and they had to choose one. They could go in front of us if they wanted to choose to do so, which they did. The two women behind us took the right hand queue. Obviously, the two women had managed to go in the shower and come back out again before the scouse girls had even gone in. They called over to us and waved, whilst my girlfriend and I laughed at how the girls' plan had backfired. We weren't even mad that we were still queuing at that point. Quote Link to comment Share on other sites More sharing options...
tarw Posted September 26, 2022 Report Share Posted September 26, 2022 46 minutes ago, K2SO said: Off-topic, but this reminded me of something that happened to us at the festival this year. My girlfriend and I were queueing for the showers at Kidz Field. We were chatting with the two women behind us, having a good time whilst a group of 4 scouse girls in front of us stood there giving us filthy looks for the hour we were in the queue. When it got to the part where it splits into two queues, it seemed pretty clear to us that they had joined the queue for the right hand queue, so we walked past them and joined the left-hand one. These girls started kicking off at us, saying we pushed in front of them and they were queueing for both. We explained to them that it was clear there were two queues, and they had to choose one. They could go in front of us if they wanted to choose to do so, which they did. The two women behind us took the right hand queue. Obviously, the two women had managed to go in the shower and come back out again before the scouse girls had even gone in. They called over to us and waved, whilst my girlfriend and I laughed at how the girls' plan had backfired. We weren't even mad that we were still queuing at that point. Why mention that they were Scouse girls? 1 Quote Link to comment Share on other sites More sharing options...
Pinhead Posted September 28, 2022 Report Share Posted September 28, 2022 On 9/24/2022 at 10:05 PM, DareToDibble said: Would they have been able to though? People would have gotten official confirmation emails from See, booking references, the money taken etc. Possibly yes, if they deemed that they had been obtained through non standard means. Quote Link to comment Share on other sites More sharing options...
Neil Posted September 28, 2022 Report Share Posted September 28, 2022 On 9/26/2022 at 7:30 PM, gazzared said: . For whatever reason the load balancer wasn't working and was sending everyone to a single address. there was no load balancer, just hope that the two dns entries would cause users to alernate servers. Quote Link to comment Share on other sites More sharing options...
UEF Posted September 29, 2022 Report Share Posted September 29, 2022 On 9/25/2022 at 8:33 PM, gfa said: On this topic, has anyone seen this before? Snipped for AM's tour. I know they are saying 4 tickets per person for whole tour but other artists must have done this before - however i've not seen anyone say this Government has sabre-rattled before about banning secondary sales (of the most piss-taking types that some of the big ticket sellers use with tickets appearing a little too quickly on them). This is their way of being seen to act before government acts for them, they're not doing it out of the goodness of their hearts. By the way - what did happen to that legislation/early day motion or whatever it was? Quote Link to comment Share on other sites More sharing options...
gfa Posted September 29, 2022 Report Share Posted September 29, 2022 27 minutes ago, UEF said: Government has sabre-rattled before about banning secondary sales (of the most piss-taking types that some of the big ticket sellers use with tickets appearing a little too quickly on them). This is their way of being seen to act before government acts for them, they're not doing it out of the goodness of their hearts. By the way - what did happen to that legislation/early day motion or whatever it was? I'll bet money that its only for this sale and next weeks stadium tour whatever that may be won't have it. AM have requested it and clearly seetickets care a bit more (see haven't got dynamic pricing for instance) Quote Link to comment Share on other sites More sharing options...
Oshman Posted November 1, 2023 Report Share Posted November 1, 2023 Does anyone have any clue on IP etc for this week's on sale? TIA Quote Link to comment Share on other sites More sharing options...
clarkete Posted November 1, 2023 Report Share Posted November 1, 2023 4 hours ago, Oshman said: Does anyone have any clue on IP etc for this week's on sale? TIA No, those years are long since past and indeed it was very rare even then Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.