52 Comments
- merbrian, on 11/06/2009, -0/+60: Crap. And I was keeping all my most precious secret photos and info on Myspace--where nobody would ever find them.
- angrytortilla, on 11/05/2009, -2/+28: Kudos to the developer for notifying the sites, but I can't help but wonder how long others knew about it and did not report.
- filltev, on 11/05/2009, -2/+17: I thought they all were perfectly coded. I looked and myspace was airtight.
- OneManArmy, on 11/06/2009, -1/+15: What is this ***** survey that keeps redirecting my browser! ***** you!
- yttrstein, on 11/06/2009, -4/+16: This is absolutely no surprise to anyone who's spent any meaningful time in the field. *All* code contains terrible errors-- this is the assumption we all make at all times-- or at least we used to before clueless middle management started telling everyone to not talk so much about the problems, and focus on the positive.
So we all focused on the positive, and now all your data is wide open and it is very, very easy to steal.
How can this be fixed?
It can't. Keep anything you care about the hell out of "the cloud", and check the integrity of your data regularly. It's about the best you can do.
- inactive, on 11/05/2009, -1/+13: D'oh
- Groggie, on 11/06/2009, -0/+9: Myspace has errors in their coding? Stop the presses!
- tryshalosh, on 11/05/2009, -2/+11: Ummm, don't trust your photos to a social network. Even developers can't keep the good stuff locked up.
- doshindude, on 11/06/2009, -1/+10: Myspace itself is a coding error. It should never have existed in the first place.
- pgm_01, on 11/06/2009, -0/+8: You have to kill Diggbar on all Computerworld links.
- ThatWebGeek, on 11/06/2009, -3/+9: ***** YOU DOLPHIIINN!!
***** YOU WHALEEEE!!!
- jalbinson, on 11/06/2009, -0/+6: The security flaw seems to stem from the user being unable to resist clicking unknown URLs.
- mikereads, on 11/06/2009, -0/+4: The crossdomain.xml file is pretty much just an XML list of sites that can use your Flash files (and its data). It's not really coding. All the guy did was look at the list, spot the domains that he could possibly hack, and told Facebook. Not so much bad coding as it is a lack of diligence.
- greenmartian, on 11/07/2009, -0/+4: You can turn it off?
-edit- By god you can! Settings -> Viewing Preferences
Death to DIGG BAH!!!
- SeaICIubber, on 11/06/2009, -0/+4: I agree
http://www.youtube.com/watch?v=3HrSN7176XI
- memper, on 11/06/2009, -1/+5: Putting in a wild card domain for access in a property XML file is not a code error. It's an oversight. I would guess the developer had no way to know what end domains were going to need access and set up an open policy during development. The final setup of this file was likely lost on the crew that ultimately deployed it.
Cross domain issues are going to become more prevalent with HTML 5, and there is little to no agreement among browsers on how to handle cross domain policies as the cloud becomes a standard mechanism of data storage. The only reason Flash is involved here is because Macromedia (now part of Adobe) began the process of domain validation by suggesting a standard and deploying a crossdomain policy format. The first into the fire feels the heat. There needs to be greater consensus among browser makers and plugin makers about how to handle cross domain access and at what point a server advertises itself during deployment that security issues might exist with the chosen deployed policy files. There is no reason a server couldn't have self tested and found this hole and alerted admins during its init process.
The safety of data in the cloud depends on server integrity. Blaming the front end coder for a server property only compounds and highlights the issue.
Welcome to the cloud.
- partymachine, on 11/06/2009, -2/+6: I can tell because sometimes facebook doesn't work too well for me.
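Picking up memper's point above about wildcard grants and server self-testing (and mikereads's description of what the file is), here is an added example that is not from any commenter and is not Facebook's or MySpace's code: a small Python auditor that parses a crossdomain.xml body and flags the over-permissive entries a deployment check could catch before the file goes live. The policy document embedded in it is constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for the demo; NOT any real site's crossdomain.xml.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
  <allow-access-from domain="*.partner.example" secure="false"/>
  <allow-access-from domain="static.example"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""


def audit_crossdomain(policy_xml):
    """Return a list of (severity, message) findings for a crossdomain.xml body.

    The Flash policy file names the web origins that may make credentialed
    requests to this host and read the responses, so a "*" entry effectively
    lets any page on the web act with the visiting user's session cookies.
    """
    findings = []
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        return [("error", "root element is not <cross-domain-policy>")]
    for sc in root.iter("site-control"):
        if sc.get("permitted-cross-domain-policies") == "all":
            findings.append(("medium", "site-control lets other policy files on this host grant access too"))
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        secure = el.get("secure", "true").lower()  # Flash defaults secure to true
        if domain == "*":
            findings.append(("high", 'allow-access-from domain="*" lets any origin read authenticated responses'))
        elif domain.startswith("*."):
            findings.append(("medium", f"wildcard subdomain grant {domain}: every host under it is trusted"))
        if secure == "false":
            findings.append(("medium", f'secure="false" for {domain} lets plain-HTTP pages reach HTTPS content'))
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append(("medium", "any origin may send custom request headers"))
    return findings


def is_open_policy(policy_xml):
    """True when the policy contains a grant broad enough to expose user data."""
    return any(sev == "high" for sev, _ in audit_crossdomain(policy_xml))


if __name__ == "__main__":
    for sev, msg in audit_crossdomain(SAMPLE_POLICY):
        print(f"[{sev}] {msg}")
```

Run it against a copy of your own policy file as part of deployment; a `high` finding means the file should not ship.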
- Averness, on 11/06/2009, -0/+3: He's a hacker! Quick, arrest him!
- Stoyanov, on 11/06/2009, -0/+3: http://www.facebook.com/crossdomain.xml
- enantiodromia, on 11/06/2009, -0/+3: now you can be like america
- rally25rs, on 11/06/2009, -2/+4: Is there really any surprise here? Last time I looked at MySpace (which has admittedly been a long time), it didn't even produce valid XHTML. I can't imagine the backend is any better.
- Nicoon, on 11/06/2009, -0/+2: "No public MySpace data was exposed"
What?
- austang, on 11/06/2009, -0/+2: Now if only the sites would notify us.
- Fleagleman, on 11/06/2009, -0/+2: Developers, developers, developers, developers, developers.
- Hiwnes, on 11/06/2009, -0/+2: First rule of the internet: if it's online, it's accessible.
- Goph09, on 11/06/2009, -1/+2: It's pretty easy to view a photo album of someone that isn't your friend (even if they set it to friends only).
- enantiodromia, on 11/06/2009, -2/+3: cow and chicken
- Garciat, on 11/06/2009, -0/+1: It's a goddamn shame.
- JudgeMonkey, on 11/07/2009, -0/+1: Seriously though. He said to keep sensitive information to yourself because you never know what vulnerabilities will crop up (yes, even digg might have them). Sensible suggestion.
Nowhere in his post did he declare himself Mr. Magic who could find and... (hehe hehe) penetrate any back door.
- bubba9999, on 11/06/2009, -1/+2: I've seen people claim that, but I've never seen any documentation to back up that claim.
- JTMON, on 11/06/2009, -0/+1: Zynga also just updated to block Mafia Wars Autoplayer but also to close holes in common coding mistakes like forgetting to sanitize <, >, etc... Instead of fixing it the correct way, they now started a policy where you cannot have those characters in your name. This wouldn't be so bad except they want you to PAY REAL MONEY to change your name!!
- skelooth, on 11/06/2009, -1/+2: cow and cheeken? ...
COW AND CHEEKEN?
***** YOU COW! ***** YOU CHEEKEN!
- MWeather, on 11/06/2009, -0/+1: It's not that hard. Just steal your facebook login and use it to log into digg.
- kr3mliyn, on 11/06/2009, -1/+2: Valid XHTML != Good code
Example: - http://validator.w3.org/check?uri=http://www.googl ...
Some sites are optimised for speed.
- Averness, on 11/06/2009, -3/+4: Diggbar? People still use that? How retarded.
- saperekier, on 11/07/2009, -0/+1: It's true. There's also an easy workaround for viewing friends' private pics as well. Though I won't share the details because they might fix it. ;-)
- thejynxed, on 11/06/2009, -0/+1: Anyhow, this has already been fixed, and Apple had the exact same issue on their site.
People were posting links all over Reddit and other places that made the ads and product information display Windows 7 being for sale and the Zune Marketplace instead of iTunes.
Apple had the problem remedied in under two hours :)
- JohnnySoftware, on 11/11/2009, -0/+1: Three hours ago Leo Laporte tweeted that he cannot log into Facebook and it also would not allow him to reset his password.
- thejynxed, on 11/06/2009, -0/+1: evony.com did the same stupid thing.
Bonus for stupidity? They didn't properly sanitize in a Flash application.
Their solution? Ban any characters not in the main Latin ASCII character set, and quite a few characters are banned even in chat, such as: < > + - ~ etc.
- Silentnite85, on 11/07/2009, -0/+1: Aw man, what am I going to do now that my angsty downward looking pic of me holding a camera in a mirror is released on the internet!?! Or heaven forbid, the one of me with three random bar chicks acting like they're interested in me!
I guess I just need to get another tribal tattoo and try to find a smaller shirt.
- miaow, on 11/07/2009, -0/+1: Flash seems to be a weakness. It doesn't help that they don't auto-update.
- rally25rs, on 11/06/2009, -0/+1: Well, more specifically they use a lot of duplicated ID tags. And things like not closing elements (<td> cell1 <td> cell2) vs (<td> cell1 </td> ...)
Again, it's been a while since I've looked... maybe they improved. I got sick of looking at other people's 'pimped' pages and decided no longer frequenting MySpace was better than gouging out my eyes.
- kr3mliyn, on 11/06/2009, -0/+1: True true.
In retrospect, I cannot believe I defended MySpace on Digg. :-/
- JudgeMonkey, on 11/07/2009, -0/+1: I don't know about you, but my photos were limited to basically a few pictures from a theme park, a couple of pictures of my dog, and a picture of myself wearing that scribblenauts preorder rooster hat.
So I guess the real tip here is don't post pictures of your wang, or yourself drunk, or yourself naked and drunk to facebook.
- Brishen, on 11/07/2009, -0/+1: Coding errors... in Facebook? I never could have guessed
- dragon0196, on 11/06/2009, -1/+1: I've noticed I can view full albums on my iPhone that I don't have access to from my computer.
- arthursk, on 11/06/2009, -1/+1: Dear Mr. expert.
Please, try and hack my digg account.
- skelooth, on 11/06/2009, -1/+1: I'm a little surprised by facebook's shoddy code. While I'm not wild about the APIs they made public, they seem pretty well thought out. Whereas myspace has been a coding disaster since its conception. I remember myspace's infancy... frequent crashes, apologies from tom, and if you ever viewed source on HTML you'd wish you hadn't.