Simon Willison’s Weblog

Subscribe

Wednesday, 6th June 2007

Massive Dreamhost hack, WordPress not to blame

On mezzoblue, Dave Shea reports that someone had modified every index.php and index.html file on his site to include spam links at the bottom of the page, hidden inside a <u style="display: none;">. Dozens of other people in his comments reported the same thing happening to their sites.

[... 279 words]

IE vulnerability allows cookie stealing. Full exploit against the same-domain cookie origin policy, so malicious sites can steal cookies from elsewhere. Avoid using IE until this is patched.

# 9:53 am / cookies, ie, samedomain, security

Gaping holes exposed in fully-patched IE 7, Firefox (via) Michal Zalewski released a new Firefox 2.0 vulnerability in addition to the IE cookie stealing one.

# 9:57 am / firefox, ie, michal-zalewski, security

Firefox promiscuous IFRAME access bug. Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched?

# 10 am / camino, firefox, iframes, michal-zalewski, security

The CSS working group is irrelevant. “Someone really needs to do to CSS what the WHATWG has been doing to HTML”.

# 10:10 am / css, hixie, ian-hickson, stardands, w3c, whatwg

Talking to the internal GPS in my N95 from Python. Thanks to a new LocationRequestor module for Python Series 60.

# 10:31 am / gps, nickburch, nokia, pyseries60, python

Sun Identity Provider for OpenID. “We’re talking to partners about offering special services to Sun employees that use this service for authentication.”

# 12:57 pm / openid, sun

2007 » June

MTWTFSS
    123
45678910
11121314151617
18192021222324
252627282930