In their continuing struggle with authentication bugs, Model Mayhem reached a new low about an hour ago revealing the contents of hidden forums for all to see. Not just all members mind you but the world. This latest bug allows logged out viewers to see hidden and confidential content that is not visible to logged in viewers. Since this content is publicly viewable, I have no doubt Google and Bing are hard at work indexing the content as I write this. Last October, I made this suggestion to members of one of the hidden forums “I suggest that everyone posting in this forum assume the information is public even though it’s in a limited view area.” Well it appears not everyone heeded my advice as moderators have since started very inflammatory threads in the mod forum. Now it has come back to bite them in the ass. Here’s a screen cap of what anyone can see on Model Mayhem without logging in.
Not only that, the brig list now has a handy little tool allowing anyone to get a summary of any members briggings and the lock log now shows the moderators who locked the thread. I shudder to see what will show up next.