Bloglines security hole

Phil Ringnalda discovered a month ago that Bloglines is susceptible to a cross site scripting attack that can expose your entire account to someone who has compromised a feed to which you subscribe. He notified the company a month ago and hasn’t seen any action on that front, so he’s publicizing the problem to alert Bloglines users.
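The attack described above works because an aggregator renders HTML from a feed it does not control inside the reader's own origin, so any script or event handler in a feed item runs with the user's session. The usual mitigation is to treat feed HTML as untrusted input and reduce it to an allowlist of harmless tags and attributes before rendering. The following is an added example (not code from the original post or from Bloglines) of such a sanitizer built on Python's standard library; the tag and attribute allowlist and the sample feed item are constructed choices for illustration, not anything taken from Bloglines.

```python
import html
from html.parser import HTMLParser

# Constructed sample feed item: the kind of markup a compromised feed could carry.
# Not taken from the original post; used only to exercise the sanitizer.
SAMPLE_ITEM_HTML = (
    '<p>Read <a href="https://example.com/post" onclick="alert(1)">this</a>.</p>'
    '<script>alert("xss")</script>'
    '<img src="x" onerror="alert(1)">'
)

# Allowlist (an assumed policy for this example): tags that carry formatting only.
ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li",
                "br", "blockquote", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href"}}          # every other attribute (onclick, style, ...) is dropped
SAFE_URL_SCHEMES = ("http://", "https://")
DROP_WITH_CONTENT = {"script", "style"}  # tag and everything inside it are discarded
VOID_TAGS = {"br"}


class FeedSanitizer(HTMLParser):
    """Rebuilds a feed fragment keeping only allowlisted tags/attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities arrive decoded; we re-escape on output
        self.out = []
        self.drop_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag is removed; its text is still emitted by handle_data
        safe_attrs = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # blocks javascript:, data:, vbscript: and relative tricks
            safe_attrs.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> -> <br>; no closing tag for void elements

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            if self.drop_depth:
                self.drop_depth -= 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(html.escape(data, quote=False))  # text can never reopen a tag


def sanitize_feed_html(fragment: str) -> str:
    """Return an allowlist-filtered version of an HTML fragment from a feed."""
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("raw:      ", SAMPLE_ITEM_HTML)
    print("sanitized:", sanitize_feed_html(SAMPLE_ITEM_HTML))
```

Running it turns the sample item into `<p>Read <a href="https://example.com/post">this</a>.</p>`: the script block, the `onclick` handler and the `img` with an `onerror` handler are all gone while the readable content survives. The important design points are that the filter rebuilds the output from a parse tree rather than trying to delete dangerous substrings (which regex-based blocklists get wrong), that text is re-escaped on output so decoded entities cannot reintroduce markup, and that link targets are restricted to known-safe schemes.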


  1. And, as I say every time when getting up on my bully pulpit and ripping someone a new one in public works, “why do they encourage me like that?”

    Someone stayed up until close to 1 am last night, and fixed at least the particular hole I used, though Sander’s feed down toward the end of the comments still works, and I have several other ideas to try. Am I going to want to go through the same old routine with my next report, or just count on them stalking the word “Bloglines” so I can do my bug reporting in my blog, where it apparently works?

  2. Thanks for the alert. I can not believe they have not been able to fix it yet. I have another bug to report on via Yahoo news agency. If you go to the Yahoo search engine and type in sex movies, the first thing that pops up is a news story, then the results, but the link from the news story goes to a sex site, not a news story. It seems that they are able to manipulate the code so it hides the domain. Also this is done for a lot of other keywords as well, not just sex movies, basically giving them the number 1 position on the engine for the keyword. Also the site from the news link you click on tries to install a dialer that calls a number that I believe is going to charge your phone at least a dollar but maybe a lot more. Anyways, just like Bloglines, Yahoo has done nothing.

  3. mmmmmmm

