32 Comments
- lemonpies, on 05/18/2008, -2/+32 I dugg this article for the amount of adverts that website has on its pages, that's crazy - the top banner opens a graphic with about 10 products, plus other flash banners wiggle about - couldn't read the article! :)
- jameshighmore, on 05/18/2008, -0/+13 Step 1: http://www.mozilla-europe.org/en/products/firefox
Step 2: https://addons.mozilla.org/en-US/firefox/addon/186 ...
Step 3: ???
Step 4: Reduce forbes.com's PROFIT!
- TheDiggAbides, on 05/18/2008, -0/+12 What are these one or two tricks you speak of? I have high hopes that hacking is exactly like how it is portrayed in The Matrix.
- fLUx1337, on 05/18/2008, -2/+13 I find it kind of ironic the site runs Apache 1.3.26. I'm not saying it's insecure (Apache has always been pretty good), but it's nearly 6 years old now. Not really too wise to take security advice from them.
If you're going to run an old version of Apache, at least use 1.3.3.7, because of its obvious 1337ness.
- wigren, on 05/18/2008, -0/+9 At least it's not a slide show. Besides, adblock plus.
- psevium, on 05/18/2008, -0/+6 And, they still have plenty of room to spare!
http://img150.imageshack.us/img150/614/wheretheweb ...
- voetsjoeba, on 05/18/2008, -1/+7 "When a hacker's hidden instructions are entered into a Web site's input forms, the site may confuse them with user data and pull the commands into its Structured Query Language (SQL) database, where they can become integrated into the database's code. That lets the hacker access the site's data or add commands to the page so as to infect a visitor with malicious software."
I love how they made a retardedly simple exploit sound so complicated. Actually, pretty much all of the descriptions are blown way out of proportion to almost being downright wrong.
- mastication, on 05/18/2008, -1/+7 Forced browsing? O_O
Sounds sexual and violent.
- DietMountainDew, on 05/18/2008, -1/+7 I counted 11 ads on one page. Buried as Spam, sorry.
- maz2331, on 05/18/2008, -0/+5 SQL injection, mail injection, and XSS... all boil down to one simple cause: developers who don't do proper input validation. The 'net is a hostile environment, and you can't trust ANY data sent to your app. Ever. Under any circumstances.
And for the love of God... turn off allow_url_fopen in your PHP.INI. That one's just begging to be XSS'ed.
- skywake, on 05/18/2008, -0/+5 I wasn't going to read this story... but now I want to see if I can break adblock.
- Djharlock, on 05/18/2008, -0/+4 You won't see fixes for these kinds of issues because there's Profit being put in the pocket for those who are supposed to fix these security flaws, so they'll take six months to fix a backdoor that already is obsolete and a better one has been discovered.
- mattcampbell, on 05/18/2008, -0/+3 Oh, there is a photo slide show at the bottom, for those who can't read an article without stupid pictures.
- SSUK, on 05/18/2008, -0/+3 Nah, they're more like Hollywood depicts, with fancy user interfaces which probably took 3 times longer to design and implement than the rudimentary application took to program.
- CJUNIT, on 05/18/2008, -1/+4 "Where The Web Is Weak" coming from Forbes of course...
- diggdiggerid, on 05/18/2008, -0/+3 So now I don't have to hack the banks, just a phishing site to download its database of phished accounts! Although I'm pretty sure XSS attacks and SQL Injections are fairly common knowledge among web developers nowadays.
- redwallhp, on 05/18/2008, -0/+2 Dugg for the ads too (wait, why are we encouraging them?!?). Insane. I've held-off blanket-blocking ads, but sites like this tempt me to do it...
- DarthShaun, on 05/18/2008, -0/+2 Or in 'hackers'... talk about trippy.
- redwallhp, on 05/18/2008, -0/+2 Don't even suggest that...
- MalharP16, on 05/18/2008, -1/+3 so u dugg it for having a lot of ads?
- JerTheBear, on 05/18/2008, -0/+2 Yeah, had to digg this one down as well. Content was interesting, but the explanations of the attacks were clearly from a non-developer. Plus, all the crazy ads and the stupid slide show thingy made it much harder to read the story than need be. Note to self: Stay away from Forbes articles in the future.
- eighties, on 05/18/2008, -0/+2 SQL injection attacks aren't anything new.
x' OR '1'='1';
- ltchimpo, on 05/18/2008, -0/+2 I know, got to about the third slide on the "in-pictures" before I had a screen full of computer products blocking what I was reading. Closed window. Forbes is a joke of a website.... or just insanely clever using malware-style advertising to drive a point home.
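The SQL injection string posted in the thread above, run against a concatenated query and a parameterized one. This is an added example, not part of the original comments or the Forbes article: the `accounts` table, its rows and the function names are constructed for illustration, and the payload is the posted string without its trailing `';`, which the query template itself supplies.

```python
import sqlite3

# Constructed sample data; not from the article or the thread.
ROWS = [("alice", 120), ("bob", 75), ("carol", 310), ("o'brien", 42)]

# The string from the thread, minus the closing quote and semicolon
# that the surrounding query text already provides.
PAYLOAD = "x' OR '1'='1"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", ROWS)
    return db


def build_concatenated_sql(name):
    # Vulnerable pattern: user input is pasted into the SQL text, so a
    # quote in the input ends the string literal and the rest is parsed
    # as SQL.
    return "SELECT name, balance FROM accounts WHERE name = '" + name + "'"


def lookup_vulnerable(db, name):
    return db.execute(build_concatenated_sql(name)).fetchall()


def lookup_parameterized(db, name):
    # Hardened pattern: the statement text is fixed and the input is
    # bound as a value, so it is only ever compared against the column.
    sql = "SELECT name, balance FROM accounts WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_sql(PAYLOAD))
    print("concatenated :", lookup_vulnerable(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    # A legitimate name containing a quote breaks the concatenated query
    # but works when bound as a parameter.
    try:
        lookup_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'brien:", exc)
    print("parameterized, o'brien:", lookup_parameterized(db, "o'brien"))
```

The concatenated query returns every row because `'1'='1'` is always true; the parameterized query returns nothing because no account has that literal name.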
- brinkofacomplex, on 05/18/2008, -0/+1 Yeah, with AdBlock, I didn't see a single ad. And Firefox add-on NoScript makes me pretty confident about my protection against malicious software. That and using a Linux distro.
- behrangj, on 05/19/2008, -0/+1 Well, it is not actually the problem with Web based application. Even client site application can be open to attacks like SQL Injection. In this case the problem is not Microsoft either. The problem is in programmers who write programs without taking the security into account. There should be courses about hacking in uni to teach the students what hackers are doing then they will be more thoughtful when they write program in future. In my career I came across many insecure applications even from big vendors, for example one big application that I was working on was hiding the menu items that user doesn't have access to and that was the only security layer. The solution to this problem is educating the programmers about security matters and also educating the businesses to require the security in the applications as the core feature instead of add-on feature.
Behrang Javaherian
http://www.beyondng.com
- flarn2006, on 05/18/2008, -0/+1 http://www.microsoft.com/
- michaelpinto, on 05/18/2008, -2/+3 That's a great free ad that Jeremiah Grossman (the CTO of White Hat Security) got in Forbes magazine! In the future I'll make it a point to avoid articles in Forbes on technology...
- MaxMWood, on 05/18/2008, -2/+3 The text was all too far over to the left, cba moving my chair over to the left to actually read it.
- BlueCadenza, on 05/18/2008, -0/+0 No! You can't. The authorities have disconnected these vile hackers from the INTERNET FOR EVER. They are gone for good!
"The sites hosting that malware were identified by security researchers who in turn notified the Chinese Internet service provider and had them disconnected from the Internet"
lol.
- Nextrix, on 05/19/2008, -0/+0 I am a web designer and developer and every day I see some new people get into this business that don't even have a clue about security on the web, it frustrates the hell out of me! Some of these people think that just because they went to college or read many programming books that they are prepared for this industry. I don't think there is any job you take a course in that prepares you for everything you need to know. And personally it is even worse when you have managers or the leaders upstairs saying it has to be done and out the door in no time without taking any considerations about all the important things that need to be done first like security, compatibility, and TESTING!! Then it does not even matter if you know the right way to get things done, as you are forced to release it to keep your job in good order.
Where did all the good companies go?!
- inactive, on 05/19/2008, -1/+1 Not blocking ads is just stupidity. Get a clue.
- inactive, on 05/20/2008, -1/+0YOU GUYS WOULD LOVE TO SEE THIS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The raw power of passion & the spirit of cinema come together. Check this out to see what I really mean. http://www.film-crew.blogspot.com/

