Tag Archive for 'couchsurfing'

CouchSurfing password security vulnerability

Warning: If you get a username / password pop up on CouchSurfing.org, click cancel, do not enter your username and password except on the CouchSurfing login page.

As of right now, I’m seeing this CSS file included on all CouchSurfing.org pages. That file links to this image. That image returns a 401 authorisation denied error. That in turn causes the browser to request a username and password, the realm is given as “CS”. If a user enters their CouchSurfing username and password, that data will be submitted to functionalfreelance.com.

This is a serious security issue as many users are likely to enter their passwords without realising what’s going on.

As far as I can tell from a scan of the whois data and dns records, there is no connection between couchsurfing.org and functionalfreelance.com. It seems likely to me that this is a hack of some sort, either deliberate or accidental. I hope accidental. Either way, this is a significant issue and needs immediate resolution by CS Inc. I have notified Casey Fenton, Jim Stone and Chris Burley directly of this issue.
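The chain described above (stylesheet, third-party image, 401 response, browser credential prompt) can be checked for from the site owner's side. The following is an added example, not code from the original post: the file paths, the sample stylesheet and the recorded responses are constructed, and only the two hostnames and the realm "CS" come from the post.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample input: the post does not give the real file paths.
PAGE_URL = "http://www.couchsurfing.org/"
CSS_URL = "http://www.couchsurfing.org/css/site.css"  # constructed path
CSS_TEXT = """
body { background: url("/images/bg.png"); }
.header { background-image: url(http://functionalfreelance.com/placeholder.gif); }
.logo { background: url('img/logo.png') no-repeat; }
"""
# Constructed (status, headers) pairs, as an auditor would record them per URL.
RESPONSES = {
    "http://www.couchsurfing.org/images/bg.png": (200, {}),
    "http://www.couchsurfing.org/css/img/logo.png": (200, {}),
    "http://functionalfreelance.com/placeholder.gif":
        (401, {"WWW-Authenticate": 'Basic realm="CS"'}),
}

# Matches url(...) with an optional pair of matching quotes around the target.
URL_REF = re.compile(r"""url\(\s*(['"]?)(.*?)\1\s*\)""", re.IGNORECASE)

def css_references(css_text, css_url):
    """Return absolute URLs for every url(...) reference in a stylesheet."""
    return [urljoin(css_url, m.group(2)) for m in URL_REF.finditer(css_text)]

def audit(page_url, css_text, css_url, responses):
    """List third-party subresources and mark those that answer with an auth challenge."""
    page_host = urlsplit(page_url).hostname
    findings = []
    for ref in css_references(css_text, css_url):
        host = urlsplit(ref).hostname
        if host == page_host:
            continue  # same-host resource, not part of this check
        status, headers = responses.get(ref, (None, {}))
        challenge = next((v for k, v in headers.items()
                          if k.lower() == "www-authenticate"), None)
        findings.append({"url": ref, "host": host, "challenge": challenge,
                         "auth_prompt": status == 401 and challenge is not None})
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_URL, CSS_TEXT, CSS_URL, RESPONSES):
        print(finding)
```

Any finding with `auth_prompt` set means a visitor's browser may ask for credentials on behalf of a host the site does not control.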

Announcement: Couchwiki.org

It’s been in the pipeline for a while. In fact, I should have done this in 2006 ;) Still, now it’s 2009 and I’m happy to hereby announce Couchwiki.org:

“WikiCouch is open to anyone and everyone. It is in keeping with the philosophy of inclusion and open hospitality. We believe in decentralized control, self-moderation and that everyone has something valuable to contribute.”

* Available under the Creative Commons ShareAlike Attribution license.
* Open for editing to anyone. You don’t have to log in – but it’s appreciated if you do – you can also log in with OpenID.
* Independent from the official CouchSurfing organization, but supportive of the CouchSurfing community.
* Very soon: a version in French and in other languages if requested by the community.
* We have registered several domains, and there will be a discussion about the domain name where all participants are welcome to join.
* Several nice extensions are installed, and if needed I’ll be happy to install more.
* The costs of running a wiki are very low – to me. No worries about that, I’m happy to take care of the technical and financial aspects of the server.
* In the future we’ll have XML dumps for downloading.

Let me know if there are any issues. And… Enjoy!

Alleged rape through CouchSurfing

I just read this article on the British Daily Mail web site.

Terrible, terrible news. I only hope this leads to CouchSurfing improving the trust systems. I hope they don’t use it to promote verification even more, or make verification compulsory.

Scalability…

The latest high season welcome message on CouchSurfing… I get it about 70% of the time I try to log on… hm… scalability problems? Let's hope it is easy to solve!

Verification ticks on images

Today I noticed that a green tick now appears on the images of CouchSurfing members who have paid for verification. I notice these ticks on groups, I assume they’re all over the site. Wherever you see a thumbnail picture of a person, it marks who have paid and who have not.

This continues what Jim Stone started back in New Zealand all those years ago. A campaign to drive verification revenues ever higher. Given that you only need to pay once to become “verified”, CouchSurfing International Inc rely only on a continual stream of new members to make “donations”. If they can increase the percentage of people “donating”, more money for the coffers.

Perhaps we can subvert this new feature by framing our own profile pictures and adding a different symbol to denote that we opt out of the so-called “verification” system. We could even combine that with a real verification system based on the verification of actual identity and physical location. Food for thought… :-)

CS uses SphinxSearch

I read that CouchSurfing uses SphinxSearch to improve member search. The software is available under the GPL or a commercial license.

I mention this here in the interests of collating technical data on how CS is built.

CS blocks Wayback Machine

Check here and here. You’ll see “Blocked Site Error.”

The site used to be available in the wayback machine, so it would seem that somebody at CouchSurfing International Inc has specifically requested that the site be removed from the archive. Is there any legitimate reason why such a request would have been made? Personally, I can’t think of any.

CouchSurfing trademark

I saw a discussion about CouchSurfing International Inc attempting to trademark the term “CouchSurfing”. I feel like this is something I would like to take action on, but I’m not quite sure what action to take.

I guess that if we can find uses of the term “couchsurfing” before the incorporation of CS Inc, that would provide a basis to challenge the trademark registration. Does anyone have references to such uses?

Is this an issue worth pursuing? Comments on a postcard…

Dictatorship 0 – Pirates 1

[Image: Pirate flag by pioforsky]

Our Alaska mirror blog has ruffled some feathers. Somebody changed the CouchSurfing blog feed. Instead of the whole post being included in the feed, now only the excerpt is included. So anyone reading the blog in a feed reader has been highly inconvenienced.

I’ll bet some clever bod thought this would stop our mirror blog. Wrong! It’ll take more than a little inconvenience to keep us pirates down. I’m pleased to report, that after a brief outage, the mirror blog is now back in full working order, with full post text.

So if you want to read the blog in your feed reader, subscribe to our feed instead, and get the comments!

We have won the battle, but I suspect this will not be the end of the war. As a Sun Tzu disciple, I have studied the enemy closely. I have anticipated their next seven moves. Fear not, their incompetence will not stand in the way of democracy and freedom. The pirates will overcome their foolish attempts to quell free speech. Vive la revolucion!

Alaska blog – comments not allowed

You can see Alaska Collective blog here and subscribe to the feed here.

Unfortunately, comments are not allowed on the blog. To be more precise, you must be logged in to comment. But registration of new users is not allowed. So in effect, only those with permission can comment. Let’s hope this will change soon.

However, as a quick alternative, I propose to create a mirror of the blog content, with the same open-comments policy we use here at OpenCS. It’s fairly trivial to set up, and would allow open debate on each post. What do you think? Please provide a +1 or -1 in your comment if you think it’s a good or bad idea.