Digg Breaks Cardinal Advertising Rule
Of the many rules of online advertising, perhaps the most obvious is not to auto-play sound. Years ago these forms of advertising were tossed aside along with popups and popunders on legitimate, reputable sites. Apparently Digg forgot, and let me know this morning, three times, that I had won two iPod Nanos! Come on, Digg, this is ridiculous.
Stumbleupon Cross-Site Scripting Vulnerability
While I have previously identified XSS and/or CSRF vulnerabilities in both Digg and Reddit, Stumbleupon has largely remained immune to these types of attacks for several reasons. First, the primary method of user login and authentication is through the toolbar, which makes it substantially harder for malicious JavaScript to intercept. Furthermore, because many of the most valuable user functions are triggered through the individual's personal subdomain (user.stumbleupon.com) rather than www.stumbleupon.com, it becomes quite difficult to execute complex functions such as auto-voting or friend-adding. That being said, workarounds still exist. In the proof of concept I was able to execute, the vector of attack was the invitefriends.php file which does...
A Web Programmer’s Resolutions
Turn on memcached
Finish upgrading everything to PHP5 (avoid quotes like, "Jesus, are you kidding?")
Stop hating Rails
Better commenting <!-- added 01/02/2007 by Russ Jones -->
Practice
Start using an RSS reader
Thank my programmers: Ian, Christin and Greg
Thank my wife: Morgan, who puts up with my geeky anecdotes... "So, on XKCD today... sigh..."
Uninstall stuff.