Filed under: Internet, Security, Web services
Reddit and Pligg vulnerabilities discovered
It hasn't been a good weekend for social ranking sites. Security vulnerabilities were uncovered at Digg competitor Reddit and at Pligg, a site that lets you create your own Digg clone. The security problems at each site were unrelated and have been patched.
Basically, the problem at Reddit was that the site let users upload malicious code in their comments that could grant access to your account login and other information. For the most part, Reddit users played with the vulnerability by uploading benign code. The exploit has been fixed, and now any user who uploaded such code has had the text replaced with "I am a terrible person."
The Pligg vulnerability was even more serious, allowing an attacker to take over an entire website. Pligg has released a patch, and recommends anyone running a Pligg site upgrade immediately.
[via Frantic Industries]

Reader Comments (Page 1 of 1)
Aaron Bassett said 8:11AM on 5-28-2007
Many people don't realise just how serious an XSS vulnerability can be. A lot of times the view is "well, it's only JavaScript!?"
In an attempt to show just what could be done if a malicious user managed to inject JavaScript into a page, I wrote a post detailing some of the attacks which could be performed. You can read the full post and see the code examples at: http://foobr.co.uk/2007/05/javascript_is_for_hackers/