Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - A popular social news site has been infected by ja-> 1

Submitted by
violent.ed
violent.ed writes "Someone has figured out a way to exploit a mouseover javascript event within the popular social-news site http://reddit.com./ The javascript attacks the comments section which is designed to make one's web browser (Firefox 3.5.3 Confirmed) resubmit the exploit code as a reply to every existing comment in the existing thread, causing not only severe server load but locking up the browser of the affected client."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

A popular social news site has been infected by ja

Comments Filter:
  • Unfortunately NoScript comes from a broken way of thinking, "you can identify attacking sites and trusted sites", the attack code for this was coming from reddit.com (a site you have to allow in order to use reddit). The only way this sort of bug can be protected against is by use of javascript filtering tools such as controldescripts that filter javascript request by type and domain, with such a tool it would be possible to protect yourself much more effectively.

    using such tools complex rulesets could do s

One can't proceed from the informal to the formal by formal means.

Working...