XSS Hole in Reddit Allows Gaping Access: Proof of Concept
Fixed by Reddit. So, a few months back Digg added a new feature that allowed users to invite and add friends more easily. Unfortunately, as I reported then, this hole allowed a site to automatically add friends if the visitor was still logged into Digg. This story did quite well in Reddit, often considered rivals, actually out performing the story on Digg which was, unsurprisingly, quickly buried. Nevertheless, an XSS hole in the handling of non-existing 404 pages has created a gaping hole which can allow a site to perform almost any site function we would want. To be fair to Reddit, I figured the Proof of Concept should mimic the same one as I did for Digg, an auto friend adder. If you are reading this page and are logged into Reddit, assuming the hole has not...
96.6% of Wikipedia Pages Rank in Google’s Top 10
While everyone has noticed Wikipedia dominating Google’s search results, this is a little outrageous. After grabbing 600 random pages from Wikipedia (using their special:random link), I conducted searches in Google for each of the titles of the Wikipedia entries. Out of the 600, 580 were in the top 10. Wikipedia Entry Top 10? Czechoslovakia at the 1960 Summer Olympics yes Jefferson Park yes Unity Day yes St. John Vianney High School (New Jersey) yes Veil of Darkness no Central Hudson Gas & Electric Corp. v. Public Service Commission no Al-Fakik (crater) yes Group key no Driver Hearing yes Black Lips yes William Shakespear yes Comparative government yes Robert J. White yes Lila Bell Wallace yes William Dodd (Congressional candidate) yes Star (glyph) yes...
Super Smart Experiment – Surviving the Digg Effect
Definitely one of the smarter experiments I have seen these days. This site tries to promote 1 story with 9 different hosting companies loaded up in Iframes. That way, each site gets the exact same amount of traffic from the exact users. Then he just pings them to check which are still up. I absolutely love this kind of attitude of bootstrap experimentation, especially when it is crafted in a way that makes it really accurate. I have seen stories before where they just pound 1 host, but not one where they can really compare multiple hosts at the same time. Kudos! No tags for this...
Digg Noise Filter Back Up!
for those of you that missed, the digg noise filter helps you find hot digg stories before they go popular After a massive 28 GB of bandwidth usage in under 8 hours (woohoo!), we were forced to move the Digg Noise Filter and the site as a whole to brand new spanking hosting. We also added a few new features (fixed the 0 diggs bug and added a no-refresh option). Now that we are on a dedicated box with more bandwidth/month than we could ever imagine, go ahead and start using the filter again! Thanks again for everyone’s interest in the tool, I found it really useful. No tags for this...
Digg Noise Filter Tool: Find Better Stories Fast
One of the commonly mentioned “reputation” measurements on Digg is the ability to find great stories early. If you Digg a bunch of stories early on that all go popular, theoretically your reputation increases. Thus, your vote counts more in the future for stories you submit and Digg. So, how do you find good stories earlier, when most of what is submitted is spam? A really simple solution that updates the latest 500 entered stories and allows you to filter them by minimum numbers of diggs. You can quickly find the stories that are hot well before they hit the front page! No tags for this...
Proof Your SEO Company Stinks.
After David Naylor pointed out a site that had custom file extensions of “.seo” I decided to take a look at how common this obviously terrible practice is, expecting to find the audit trail of one stupid SEO firm. I was wrong. Grossly wrong. Take a look yourself: pages with a “.seo” file extension in google. Over 400,000. No tags for this post.
Recent Comments