[{"data":1,"prerenderedAt":209},["ShallowReactive",2],{"blog:2006:remote-denial-of-present-dop-attack-via-amazon-wishlist":3,"blogMore-Technology":125,"comments-remote-denial-of-present-dop-attack-via-amazon-wishlist":138},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"category":11,"tags":12,"excerpt":14,"body":29,"_type":115,"_id":116,"_source":117,"_file":118,"_stem":119,"_extension":120,"url":121,"wordCount":122,"minutes":123,"commentCount":124},"/blog/2006/remote-denial-of-present-dop-attack-via-amazon-wishlist","2006",false,"en","Remote denial of present (DoP) attack via Amazon wishlist","I placed eleven items this year into my Amazon wish-list for my family and girlfriend to pick from and all were quickly purchased.","2006-12-18T12:48:07+00:00","Technology",[13],"Amazon",{"type":15,"children":16},"root",[17,24],{"type":18,"tag":19,"props":20,"children":21},"element","p",{},[22],{"type":23,"value":9},"text",{"type":18,"tag":19,"props":25,"children":26},{},[27],{"type":23,"value":28},"A few days later my mother asks if I can put some items to buy because after purchasing one or two the others have now gone.",{"type":15,"children":30,"toc":111},[31,35,39,44,57,62,87,92,97,102],{"type":18,"tag":19,"props":32,"children":33},{},[34],{"type":23,"value":9},{"type":18,"tag":19,"props":36,"children":37},{},[38],{"type":23,"value":28},{"type":18,"tag":19,"props":40,"children":41},{},[42],{"type":23,"value":43},"My brothers don’t have debit cards, my sisters have limited net access my girlfriend claims she hasn’t brought them and nobody else knows about it.",{"type":18,"tag":19,"props":45,"children":46},{},[47,49,55],{"type":23,"value":48},"Either I’ve got a secret Santa fulfilling my every Amazon wish or… somebody is executing a ",{"type":18,"tag":50,"props":51,"children":52},"strong",{},[53],{"type":23,"value":54},"remote denial of present attack",{"type":23,"value":56}," upon my Christmas!",{"type":18,"tag":19,"props":58,"children":59},{},[60],{"type":23,"value":61},"How it works is simple.",{"type":18,"tag":63,"props":64,"children":65},"ol",{},[66,72,77,82],{"type":18,"tag":67,"props":68,"children":69},"li",{},[70],{"type":23,"value":71},"Find the Amazon wish-list of the target",{"type":18,"tag":67,"props":73,"children":74},{},[75],{"type":23,"value":76},"Buy items from the wish-list but ship to your own address",{"type":18,"tag":67,"props":78,"children":79},{},[80],{"type":23,"value":81},"Enjoy the items yourself",{"type":18,"tag":67,"props":83,"children":84},{},[85],{"type":23,"value":86},"Rejoice in knowing the target is deprived of the item now that Amazon believes he will get it",{"type":18,"tag":19,"props":88,"children":89},{},[90],{"type":23,"value":91},"It’s evil.",{"type":18,"tag":19,"props":93,"children":94},{},[95],{"type":23,"value":96},"The only way I can see that Amazon would be able to prevent this attack is to either let you pre-select other Amazon accounts that are able to use your wish-list or to be able to see who brought what.",{"type":18,"tag":19,"props":98,"children":99},{},[100],{"type":23,"value":101},"Ho-ho hum,",{"type":18,"tag":19,"props":103,"children":104},{},[105],{"type":18,"tag":106,"props":107,"children":108},"em",{},[109],{"type":23,"value":110},"[)amien",{"title":112,"searchDepth":113,"depth":113,"links":114},"",2,[],"markdown","content:blog:2006:remote-denial-of-present-dop-attack-via-amazon-wishlist.md","content","blog/2006/remote-denial-of-present-dop-attack-via-amazon-wishlist.md","blog/2006/remote-denial-of-present-dop-attack-via-amazon-wishlist","md","/blog/2006/remote-denial-of-present-dop-attack-via-amazon-wishlist/",188,1,3,[126,130,134],{"title":127,"date":128,"url":129},"VTX5000: Part 4 - Communications ","2026-05-06T10:19:24.727Z","/blog/2026/vtx5000-part-4-comms-routines/",{"title":131,"date":132,"url":133},"VTX5000: Part 3 - Software ROM","2026-04-15T23:00:00.000Z","/blog/2026/vtx5000-part-3-software-rom/",{"title":135,"date":136,"url":137},"VTX5000: Part 2 - Hardware","2026-03-30T23:00:00.000Z","/blog/2026/prism-vtx5000-part-2/",[139,161,192],{"_path":140,"_dir":141,"_draft":6,"_partial":6,"_locale":7,"title":142,"description":143,"id":144,"name":145,"email":146,"avatar":147,"url":148,"date":149,"body":150,"_type":115,"_id":158,"_source":117,"_file":159,"_stem":160,"_extension":120},"/comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1746","remote-denial-of-present-dop-attack-via-amazon-wishlist","1746","Haha, a happy ending after all then.",1746,"steve","steve@stevestreeting.com","https://www.gravatar.com/avatar/fbe8cc9ac5bc8797382e01e10f5f8e33?r=pg&d=retro","https://www.stevestreeting.com","2007-01-04T14:37:35",{"type":15,"children":151,"toc":156},[152],{"type":18,"tag":19,"props":153,"children":154},{},[155],{"type":23,"value":143},{"title":112,"searchDepth":113,"depth":113,"links":157},[],"content:comments:remote-denial-of-present-dop-attack-via-amazon-wishlist:1746.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1746.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1746",{"_path":162,"_dir":141,"_draft":6,"_partial":6,"_locale":7,"title":163,"description":164,"id":165,"name":166,"email":167,"avatar":168,"url":169,"date":170,"body":171,"_type":115,"_id":189,"_source":117,"_file":190,"_stem":191,"_extension":120},"/comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1745","1745","It's a very dull end to an otherwise interesting blog post.",1745,"Damien Guard","damien@envytech.co.uk","https://www.gravatar.com/avatar/dc72963e7279d34c85ed4c0b731ce5a9?r=pg&d=retro","https://damieng.com/","2007-01-04T12:17:16",{"type":15,"children":172,"toc":187},[173,177,182],{"type":18,"tag":19,"props":174,"children":175},{},[176],{"type":23,"value":164},{"type":18,"tag":19,"props":178,"children":179},{},[180],{"type":23,"value":181},"My girlfriend was telling fibs and had brought 4 of them.",{"type":18,"tag":19,"props":183,"children":184},{},[185],{"type":23,"value":186},"Seems it's safe for another year although now I've published the exploit... ;-)",{"title":112,"searchDepth":113,"depth":113,"links":188},[],"content:comments:remote-denial-of-present-dop-attack-via-amazon-wishlist:1745.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1745.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1745",{"_path":193,"_dir":141,"_draft":6,"_partial":6,"_locale":7,"title":194,"description":195,"id":196,"name":145,"email":146,"avatar":147,"url":148,"date":197,"body":198,"_type":115,"_id":206,"_source":117,"_file":207,"_stem":208,"_extension":120},"/comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1744","1744","I'm curious - what happened in the end about this? Did you get the items that were removed after all? We (Marie & I) have regularly used wishlists for birthdays and xmas (and didn't suffer a DoP attack) and I'm wondering if it's a problem waiting to strike...",1744,"2007-01-04T12:10:56",{"type":15,"children":199,"toc":204},[200],{"type":18,"tag":19,"props":201,"children":202},{},[203],{"type":23,"value":195},{"title":112,"searchDepth":113,"depth":113,"links":205},[],"content:comments:remote-denial-of-present-dop-attack-via-amazon-wishlist:1744.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1744.md","comments/remote-denial-of-present-dop-attack-via-amazon-wishlist/1744",1779224698124]