FortKnox's Journal: Even Slashcode has vulnerabilities
Check this out. Apparently, slashcode has a vulnerability that has been fixed. Jamie states that there will be an explanation today. Looking forward to it.
IF I HAD A MINE SHAFT, I don't think I would just abandon it. There's got to be a better way. -- Jack Handley, The New Mexican, 1988.
yup.... (Score:2, Informative)
Basically, trolls found a way to embed JavaScript into a post, using the onmouseover function. Run the mouse over a post (no click required) with this and get about 10 new windows showing goatse's glory.
Other variations on this were changing all the links in the page to goatse, alert("You're now being redirected to one of out sponsors.") only to get goatse, infinite loops of goatse pop-ups. You get the idea.....
When I found this, I ran over to SourceForge and wrote up a bug report. During the time I wrote it up, they took Slashdot offline or something, as I couldn't reach anything other than the front page after doing the write-up. I suspect they (Jamie, CmdrTaco, etc.) found a problem and thought they were r00t3d (or got a ton of WTF emails) and decided to shut the servers down and investigate further. Maybe then they found either my bug report, or others like it.
Jamie wrote in the report that they fixed the slashcode bug and have removed all the offending posts, citing the FAQ that they remove posts that contain bad HTML.
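The comment above describes the whole class of bug: a post filter that lets an event-handler attribute such as onmouseover through, so the script runs as soon as the reader's pointer crosses the post. The block below is an added example, not Slashcode's actual filter or the fix Jamie shipped. It shows the shape a post sanitizer should have: an allow-list of tags and attributes (so any on* handler, or any attribute not explicitly listed, is dropped without needing a blocklist entry), a scheme check on href values that first decodes entities and strips the ASCII whitespace and control characters browsers ignore (so "java&#115;cript:" and "java\tscript:" are caught), and re-escaping of all text. The tag and attribute lists, the sample troll post and the slashcode.com/example.invalid URLs are constructed for the example.

```javascript
// Added example (not Slashcode's own filter): an allow-list HTML sanitizer for
// user posts. The troll posts described above worked because event-handler
// attributes (onmouseover etc.) survived filtering; the rule here is that only
// listed tags and listed attributes get through, so a new handler name or a
// javascript: URL never needs a blocklist entry.

const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br", "a", "blockquote", "code", "tt"]);
const ALLOWED_ATTRS = { a: new Set(["href", "title"]) }; // every other tag: no attributes
const SAFE_SCHEMES = new Set(["http", "https", "ftp", "mailto"]);

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Decode numeric and the basic named entities so that href="java&#115;cript:..."
// is checked as the browser would see it, not as the raw bytes.
function decodeEntities(s) {
  const named = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (whole, body) => {
    if (body[0] === "#") {
      const hex = body[1].toLowerCase() === "x";
      const code = parseInt(hex ? body.slice(2) : body.slice(1), hex ? 16 : 10);
      return code >= 0 && code <= 0x10ffff ? String.fromCodePoint(code) : whole;
    }
    const v = named[body.toLowerCase()];
    return v === undefined ? whole : v;
  });
}

// Returns the URL to keep, or null if it must be dropped. Browsers ignore ASCII
// whitespace and control characters when reading the scheme, so "java\tscript:"
// and "\njavascript:" still execute; strip them before looking at the scheme.
function safeUrl(value) {
  const cleaned = value.replace(/[\x00-\x20\x7f]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(cleaned);
  if (m === null) return value.trim();      // no scheme: relative URL, fine
  return SAFE_SCHEMES.has(m[1]) ? value.trim() : null;
}

function sanitizeAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  const attrRe = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let out = "";
  let m;
  while ((m = attrRe.exec(rawAttrs)) !== null) {
    const name = m[1].toLowerCase();
    const value = decodeEntities(m[2] ?? m[3] ?? m[4] ?? "");
    if (name.startsWith("on")) continue;   // onmouseover, onload, onerror, ...: never
    if (!allowed.has(name)) continue;      // not on the allow-list for this tag
    if (name === "href") {
      const url = safeUrl(value);
      if (url === null) continue;          // javascript:, data:, vbscript:, ...
      out += ` href="${escapeText(url)}"`;
    } else {
      out += ` ${name}="${escapeText(value)}"`;
    }
  }
  return out;
}

// Rewrites a post: unknown tags are dropped (their text stays), known tags are
// re-emitted with only allow-listed attributes, and all text is re-escaped.
// Simplification: a ">" inside a quoted attribute value ends the tag early.
function sanitize(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeText(decodeEntities(html.slice(last, m.index)));
    last = tagRe.lastIndex;
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;
    out += closing ? `</${name}>` : `<${name}${sanitizeAttrs(name, m[3])}>`;
  }
  out += escapeText(decodeEntities(html.slice(last)));
  return out;
}

// Constructed sample in the spirit of the posts described above (not a real post).
const TROLL_POST = [
  '<a href="javascript:window.open(\'http://example.invalid/\')" onmouseover="for(;;)window.open(\'http://example.invalid/\')">harmless link</a>',
  ' <b onMouseOver="location.href=\'http://example.invalid/\'">hover me</b>',
  ' <img src=x onerror=alert(1)>',
  ' <a href="http://slashcode.com/" title="ok">Slashcode</a> &lt;script&gt; still text',
].join("");

function demo() {
  return sanitize(TROLL_POST);
}

console.log(demo());
```

Running it prints the post with every handler and the javascript: href gone, the img tag removed outright, and the legitimate link kept with its href and title. The important design choice is the direction of the list: an allow-list means the filter does not have to know that onmouseover exists, only that href and title are the attributes a link is permitted to carry.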
Re:yup.... (Score:2)
Stuff like this is one reason why I always browse with images turned OFF when at the office.
Re:yup.... (Score:2)
Re:yup.... (Score:2)
I agree, but I am forced to use only MSIE 5 / Outlook97 and cannot install other software or even apply security patches. Because of this, I turn off all scripting as well. It's my only defence. At home I have better solutions like Moz and Konq. (Yeah, I turn them on if they are really needed to browse.)
Re:yup.... (Score:1)
So, why isn't the front page blank? ;)
Re:yup.... (Score:1)
The Silence Gets Us Nowhere Way Too Fast... (Score:1)
The bug in Apache, the OpenSSH flaw, and now the
Everyone expects to bash the evil world of commercial software and Microsoft, yet when they get caught with their pants down it's a different story. Everyone is still waiting on the response from the