Filed under: Internet, Security, Web services
Reddit and Pligg vulnerabilities discovered
It hasn't been a good weekend for social ranking sites. Security vulnerabilities were uncovered at Digg-competitor Reddit and Pligg, a site that lets you create your own Digg clone. The security problems at each site were unrelated and have been patched.Basically, the problem at Reddit was that the site let users upload malicious code in their comments that could grant access to your account login and other information. For the most part, Reddit users played with vulnerability by uploading benign code. The exploit has been fixed, and now any user who uploaded such code has had the text replaced with "I am a terrible person."
The Pligg vulnerability was even more serious, allowing an attacker to take over an entire website. Pligg has released a patch, and recommends anyone running a Pligg site upgrade immediately.
[via Frantic Industries]
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Aaron Bassett said 8:11AM on 5-28-2007
Many people don't realise just how serious an XSS vulnerability can be. Alot of times the view is "well its only Javascript!?"
In attempt to show just what could be done if a malicious user managed to inject Javascript into a page I wrote a post detailing some of the attacks which could be performed. You can read the full post and see the code examples at: http://foobr.co.uk/2007/05/javascript_is_for_hackers/
Reply