27 May 2007

Reddit.com has been hacked!

Reddit, one of the most popular social news sites, has just been hacked with a pretty bad exploit. As a story making its way up reddit’s front page demonstrates, reddit’s programmers made a major mistake in designing the site: they did not validate input in any of its text boxes. From a security standpoint, this is a massive flaw.

Because reddit does not validate input and strip out potentially malicious code, anyone can enter a script that, using XSS, can steal your login and password for reddit or execute malicious code. As far as exploits go, this one is extremely serious. A similar exploit on MySpace wrought havoc with the site. It remains to be seen how quickly reddit responds to the threat. As of right now, the exploit is still working. So far, redditors are just playing around with the exploit, but it is only a matter of time before someone writes a malicious script that will start hijacking reddit accounts, perhaps using them to upvote stories for their own benefit.
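To make the flaw concrete from the defender's side, here is an added example (not reddit's code and not part of the original post) that puts an unescaped render of a text-box value beside a hardened one. It uses output encoding and a URL scheme allowlist rather than stripping; the function names, the `ALLOWED_SCHEMES` set and the sample strings are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: a link-sharing site only needs to accept ordinary web links.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample input: what a user might type into a comment box.
SAMPLE_COMMENT = 'nice story <script>alert(1)</script>'


def render_comment_unsafe(text):
    """The mistake described above: user text is pasted into the page as-is,
    so any markup it contains becomes part of the page."""
    return '<div class="comment">' + text + '</div>'


def render_comment(text):
    """Encode on output: <, >, &, and quotes become entities, so the browser
    displays the text instead of interpreting it."""
    return '<div class="comment">' + html.escape(text, quote=True) + '</div>'


def safe_link(url, title):
    """Build an anchor for a submitted story, or return None if the URL is
    not an absolute http(s) link. Both the URL and the title are encoded,
    because both end up inside HTML."""
    cleaned = url.strip()
    parts = urlsplit(cleaned)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None  # rejects javascript:, data:, relative and empty URLs
    return '<a href="%s" rel="nofollow">%s</a>' % (
        html.escape(cleaned, quote=True),
        html.escape(title, quote=True),
    )


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))  # script tag survives
    print(render_comment(SAMPLE_COMMENT))         # script tag is inert text
    print(safe_link("javascript:alert(1)", "click me"))
    print(safe_link("https://example.com/?a=1&b=2", "A <b>story</b>"))
```
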

via neomeme.net


Piticu said...

aha ... so that's why my links there aren't getting validated anymore ;)