rc3.org

Strong opinions, weakly held

Bloglines security hole

Phil Ringnalda discovered a month ago that Bloglines is susceptible to a cross site scripting attack that can expose your entire account to someone who has compromised a feed to which you subscribe. He notified the company a month ago and hasn’t seen any action on that front, so he’s publicizing the problem to alert Bloglines users.

3 Comments

  1. And, as I say every time when getting up on my bully pulpit and ripping someone a new one in public works, “why do they encourage me like that?”

    Someone stayed up until close to 1 am last night, and fixed at least the particular hole I used, though Sander’s feed down toward the end of the comments still works, and I have several other ideas to try. Am I going to want to go through the same old routine with my next report, or just count on them stalking the word “Bloglines” so I can do my bug reporting in my blog, where it apparently works?

  2. Thanks for the alert I can not believe they have not been able to fix it yet. I have another bug to report on via Yahoo news agency. If you go to yahoo search engine type in sex movies the first thing that pops up in a news story thenthe results but the link from teh news story goes to a sex site not a news story.It seems that they are able to manipulate the code so it hides the domain. Also this is done for alot of other keyowrds as well not jsut sex movies basically giving them the number 1 position on the engine for the keyword. Also the site from the news link you click on tries to install a dialer that calls a number that I beleive is going to charge your phone atleast a dollar but maybe alot more.Anyways just like bloglines yahoo has done nothing.

  3. mmmmmmm

Leave a Reply

Your email address will not be published.

*

© 2024 rc3.org

Theme by Anders NorenUp ↑