Maximise your Avios, air miles and hotel points

Forums Frequent flyer programs Other frequent flyer schemes Reward programme security

Reward programme security

Discuss today's stories:
Review: Qatar Airways Platinum & Gold Lounge North (for BA Gold & Silver) at Hamad Airport
British Airways BA London City Airport
Why you shouldn’t use Avios on Club Europe redemptions from London City Airport
Review: The American Express Rewards Credit Card
Reply
  • #522837
    #522837
    1,094 posts

    Spotted this today on reward programme security. My favourite bit:

    Most significantly, the researchers found a vulnerability in the Points.com global administration website in which an encrypted cookie assigned to each user had been encrypted with an easily guessable secret—the word “secret” itself. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site, reencrypt the cookie, and essentially assume god-mode-like capabilities to access any Points reward system and even grant accounts unlimited miles or other benefits.
    #522842
    #522842
    843 posts

    That’s utterly amazing. I remember I had to allow third party cookies to buy Hilton points, which shows points.com’s heavy reliance on cookies perhaps.

    Thanks for sharing.

    #522873
    #522873
    2,419 posts

    How, precisely, does one do this?

    Asking for a friend 🙂
  • You must be logged in to reply to this topic.

Popular articles this week:

Review: the Al Safwa First Lounge at Hamad Airport, Doha – monumental
149 comments
Saudia opens a new airline lounge at Heathrow Terminal 4
74 comments
What does BA Gold give you that other oneworld Emerald cards don’t?
73 comments
First class seat
Bits: BA US First sale, KLM launches Barbados, ‘Credit Card Reviews’ returns
54 comments
Review: we re-visit the Sunborn Gibraltar yacht hotel
50 comments
Virgin Hotels London Shoreditch is officially launched – and I’m impressed so far
43 comments
Diary dates: Oman Air joining oneworld, Bristol Airport’s new Escape lounge opening
40 comments
British Airways BA London City Airport
Why you shouldn’t use Avios on Club Europe redemptions from London City Airport
38 comments

New to Head for Points?

Welcome!  We’re the UK’s most-read source of business travel, Avios, frequent flyer and hotel loyalty news. Let us improve how you travel. Got any questions? Ask them in our forums.

Get 25,000 Avios with the Barclaycard Avios Plus Mastercard

GET A SIGN-UP BONUS OF 18,000 VIRGIN POINTS!

Latest Forum Posts

Get 80,000 bonus points (worth 80,000 Avios) and £400 of dining credit with The Platinum Card (Offer ends 27th May)

Check reward flight availability instantly for free!

See a whole year of reward seat availability on one page at SeatSpy.com

Get up to 10,000 bonus Hilton Honors points

Booking a luxury hotel?

Our luxury hotel booking service offers you GUARANTEED extra benefits over booking direct. Works with Four Seasons, Mandarin Oriental, The Ritz Carlton, St Regis and more. We've booked £1.7 million of rooms to date. Click for details.

SME? GET THE ONLY FREE SMALL BUSINESS CREDIT CARD WHICH CAN EARN AVIOS

Get points worth 30,000 Avios with 'first year free' American Express Gold (ends 27th May)

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.

Got it!