An anonymous reader writes: Microsoft's bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft style, Microsoft responded to the author of the breaking bing cashback with a cease & desist letter, rather than fixing the security problems. It is possible for a malicous user to create fake bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving there cash-back from bing. The original post is currently available in bing's cahce (although perhaps not for long). But no worries, the author makes it clear that the exploit should be painfully obvious to anyone that reads the bing cashback sdk.