Filed under: Internet, Security, Web services
Reddit and Pligg vulnerabilities discovered
It hasn't been a good weekend for social ranking sites. Security vulnerabilities were uncovered at Digg-competitor Reddit and Pligg, a site that lets you create your own Digg clone. The security problems at each site were unrelated and have been patched.Basically, the problem at Reddit was that the site let users upload malicious code in their comments that could grant access to your account login and other information. For the most part, Reddit users played with vulnerability by uploading benign code. The exploit has been fixed, and now any user who uploaded such code has had the text replaced with "I am a terrible person."
The Pligg vulnerability was even more serious, allowing an attacker to take over an entire website. Pligg has released a patch, and recommends anyone running a Pligg site upgrade immediately.
[via Frantic Industries]
I don't know if this is a labor of love or merely the brainchild of four very gifted games designers, but Level Up is a really weird mash-up of gaming elements that you have probably never seen in a Flash game before.
Let's start with the premise itself: Groundhog Day meets Memento. The game experience revolves around 'days': you explore the world and the clock slowly ticks towards the evening. You bounce around picking up gems and talking to the denizens of 'Level Upland'. Eventually you feel tired and head back to ...
Reader Comments (Page 1 of 1)
Aaron Bassett said 8:11AM on 5-28-2007
Many people don't realise just how serious an XSS vulnerability can be. Alot of times the view is "well its only Javascript!?"
In attempt to show just what could be done if a malicious user managed to inject Javascript into a page I wrote a post detailing some of the attacks which could be performed. You can read the full post and see the code examples at: http://foobr.co.uk/2007/05/javascript_is_for_hackers/
Reply