Thanks Thanks:  0
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 21

Thread: Viewing un-published caches

  1. #1
    Dakar4x4 Guest

    Default Viewing un-published caches

    Hi folks,

    I've found a loophole that allows geocache users to view the cache details and logs of an un-published cache, providing they have received a watchlist email for a TB that has been placed in it. I've dropped an email to groundspeak to advise them of this, but wondered if it was already known and other people had noticed it? I was already aware that it was possible to get the cache co-ordinates if a TB had been placed, but not until last night did I realise that it's also possible to view the cache page itself.

    I have to confess I did use the information to solve the cache, claim ftf and retrieve the TB from it last night, before the cache was published. I called the cache owner and explained what I did and how I did it and they were quite shocked at the ease at which it was done, and the fact this loophole allows a cacher to read the reviewers logs to.

    Jon.

  2. #2

    Join Date
    Jul 2007
    Location
    Church Warsop, Notts
    Posts
    518

    Default

    I've heard of this loophole: I think that it dates back many years. But I've never succeeded in finding it, even though I've often had trackables in an unpublished cache. How do you do it?

  3. #3
    Dakar4x4 Guest

    Default

    Are there moderators on here? If one could confirm it isn't against the rules or innappropiate to do so, then I'll happily post it. I personally think making it public knowledge would level the playing field somewhat and be good. I am also waiting to hear back from groundspeak as I've contacted them to ask if they knew about it and if they could fix it.

    Jon.

  4. #4
    sTeamTraen Guest

    Default

    There are various loopholes in the system. I've heard of "something which sounds like" this one, some time ago, but whether it's the same one would be almost impossible to say.

    I just tried to reproduce it but couldn't, at least not by doing the obvious (watch coin with one account, drop it into an unpublished cache from another, click on the links in the watchlist e-mail). The links in the generated e-mail don't have anything special about them like "&autologin_bwahahaha=1". It might be a more general problem where, say, one time in a hundred when you connect to an unpublished cache page, you get in anyway.

    From Groundspeak's point of view, FTF is "no big deal". It's not as if there's a huge cash prize for FTF (and yes, I did spell that "cache" the first time I typed it!). There was a known bug for years where you could look up an unpublished cache on the WAP site if you knew its GCxxxxx number. If someone went out and logged FTF on one of my caches before it was published, I'd probably congratulate them, but some placers might ask them to delete the log and re-log it when someone else had found it.

    The possible leak of the pre-review notes is slightly more concerning; I always write my reviewer notes as if the rest of the Internet is watching me but you might find the explanation of a devious puzzle in there.

    This certainly needs to be fixed, so if you have a reliable procedure to reproduce it then please contact me or one of the UK reviewers by PM and we can run it up the bugs chain.

  5. #5
    Dakar4x4 Guest

    Default

    Hi sTeamTraen,

    Yup, I have a quick and simple procedure now to view either just the un-published cache details, or indeed, the cache and all the reviewer logs. I have notified groundspeak already but have not heard back yet, I guess they don't come on-line until this evening, so I'm happy the 'problem' has been logged.

    I've used this technique to also view caches that have been 'un-published' following a problem and yes, the ability to view reviewers notes is a little concerning.

    My query is though, can and will this loophole be fixed? The Google Earth technique hasn't been and has been known about for ages. I also notice there is a map on the TB page now that actually allows you to zoom in and see the final cache location (assuming it's just a trad) and that's from the main geocaching.com page!

    Additional: Forgot to say, I did this primarily to get the Interception TB, but the FTF thing is I guess a side effect of it.

    Jon.

  6. #6
    Dakar4x4 Guest

    Default

    Quick update - I've had to promise to Groundspeak that I won't use this method to view un-published cache details again and not to share the details of this loophole with anyone else. They consider that to be an end to the matter. When I queried if they are actually going to fix the loophole, they have advised it is something they already knew about and will address at some point. Kind of a bizarre resolution if you ask me, but I guess in their minds this is just a gaming website. It's not banking, it's not personal information, so it's not a huge issue. On reflection I guess they are right and I was taking my Hobby a bit too seriously to think it was a big problem. Hey-Ho!
    Cheers & thanks to Graculas for their assistance,
    Jon

  7. #7
    sTeamTraen Guest

    Default

    Welcome to the "I know something you don't, but I can't tell you" club. Keep reading the release notes for site updates until it's fixed, then tell us how you did it.

    I agree that it's a fairly minor issue unless people start "targeting" it, which would require them to hand TBs which they are watching to people who they know are about to place a cache, and even then it would be a pretty unproductive process most of the time.

    Anyway, as you say, its only Tupperware. Probably not worth getting too worried about compared to, say, Google knowing for a year that a hacker could read all your Gmail before doing anything about it.

  8. #8
    pklong Guest

    Default

    Quote Originally Posted by sTeamTraen View Post
    Welcome to the "I know something you don't, but I can't tell you" club. Keep reading the release notes for site updates until it's fixed, then tell us how you did it.
    Do I have to keep quiet as well considering I've also figured it out?

    Took all of 30 seconds.



    Philip

  9. #9

    Join Date
    Oct 2006
    Posts
    103

    Default

    I dunno, but if you tell me how its done, I'll tell everybody for you

  10. #10
    Lakeuk Guest

    Default

    I sussed out google earthing an unpublished cache.

    I'm sure there are loads of holes in the system waiting to be fixed, mums the word

  11. #11
    fraggle69 Guest

    Default

    Hmm, yes there are a few holes in the 'system'. It would be good if these holes were plugged. I mean isn't that where our subscription goes, paying lackies to keep on top of all things soft?
    Ah well, enjoy the holes ppl

  12. #12

    Join Date
    Aug 2006
    Posts
    178

    Default

    Does it really matter if there's holes or not.

    Unfortunately, I've yet to find any holes that allow non-PMs to view PM cache details
    If there was a competition for witty signatures, I'd come last.

  13. #13

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    99

    Default

    Quote Originally Posted by Edgemaster View Post
    Does it really matter if there's holes or not.

    Unfortunately, I've yet to find any holes that allow non-PMs to view PM cache details
    dunno if you were referring to it, but you just reminded me to set our new RTB to 'all-comers'! I only had it as PM only for the FTF, and you ain;t fast enough to get them Edgy!

    BTW - if you spot any others that I've forgotten to open to all, then let me know by e-mail. I will never have any cache that is permanently PM only...

  14. #14
    Lakeuk Guest

    Default

    Quote Originally Posted by Edgemaster View Post
    Does it really matter if there's holes or not.

    Unfortunately, I've yet to find any holes that allow non-PMs to view PM cache details

    You're not looking hard enough

  15. #15

    Join Date
    Dec 2007
    Location
    Staffordshire Moorlands
    Posts
    47

    Default

    Quote Originally Posted by Edgemaster View Post
    Does it really matter if there's holes or not.

    Unfortunately, I've yet to find any holes that allow non-PMs to view PM cache details
    I have worked out how my daughter can log PM caches even though she is not one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •