Legend Expert

Experts Exchange is an IT community for knowledge sharing with a focus on solving technology problems. People looking for answers ask questions and "experts" try to answer them. Experts are awarded points for answering questions in knowledge "zones" and gain ranks in those zones on acquiring sufficient points:

Master          50,000
Guru           150,000
Wizard         300,000
Sage           500,000
Genius       1,000,000
Savant      10,000,000
Elite       25,000,000
Technocrat  50,000,000
Legend     100,000,000

On earning a rank, an expert is given the opportunity to create an HTML badge which displays the rank, points and zone, and which may be used as an email signature. The badge is made up of various images hosted on the Experts Exchange website, and because the URLs for those images are predictable, it is trivial for anyone to create a badge for a zone and rank to which they are not entitled:
 
[Image: the resulting badge, showing the Legend rank for jah]

Since nobody has yet attained even half this amount of points, I'm the first person to be "awarded" the Legend rank. Nice.

Now this isn't a major issue, but it could be used to mislead people as to a person's knowledge of a particular topic or, in some cases, a person's identity: it's possible, for instance, to create a badge for a ning.com social network for any user of that network and so impersonate them in communications.
It's not an easy task to prevent this sort of thing, because these badges are just pieces of HTML which can be copied and placed anywhere, and restricting their use to specific people isn't really feasible.
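
The badge described above is a set of static images, so nothing ties the displayed rank to a record the issuer will vouch for. As an added example (not Experts Exchange's code or the author's), this Python code has the badge link carry an HMAC-signed claim that the issuer checks when a reader follows it; the key, function names, token format and sample users are assumptions, and the rank thresholds are the ones listed on this page.

```python
import base64
import hashlib
import hmac
import json

# Rank thresholds from the table on this page.
RANK_POINTS = {
    "Master": 50_000, "Guru": 150_000, "Wizard": 300_000,
    "Sage": 500_000, "Genius": 1_000_000, "Savant": 10_000_000,
    "Elite": 25_000_000, "Technocrat": 50_000_000, "Legend": 100_000_000,
}

# Constructed key for the example; a real issuer keeps this secret server-side.
ISSUER_KEY = b"constructed-example-key"


def _mac(payload: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_badge(user: str, zone: str, rank: str, points: int) -> str:
    """Issuer side: refuse ranks the points do not support, then sign the claim."""
    if points < RANK_POINTS[rank]:
        raise ValueError(f"{points} points do not earn {rank}")
    claim = json.dumps({"user": user, "zone": zone, "rank": rank,
                        "points": points}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(claim).decode() + "." + _mac(claim).decode()


def verify_badge(token: str, expected_user: str):
    """Issuer-side check that a reader triggers by following the badge link.

    Returns the claim only if it is untampered AND names the person
    presenting it; otherwise returns None.
    """
    try:
        encoded, tag = token.split(".")
        claim = base64.urlsafe_b64decode(encoded)
    except ValueError:  # wrong shape or bad base64
        return None
    # Constant-time comparison of the presented tag with the recomputed one.
    if not hmac.compare_digest(tag.encode(), _mac(claim)):
        return None
    data = json.loads(claim)
    return data if data["user"] == expected_user else None
```

A copied token still verifies, as the post says of any copied HTML, but only for the user it names, so the reader must still confirm that the sender is that user.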

Never trust a badge then.
