Comments on: The Digg worm that wasn’t http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/ PHP, Symfony, JavaScript, jQuery, MooTools consultant. Tue, 16 Mar 2010 09:14:49 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Quick Find Tech News » Security Expert Suggests Twitter Focus on Output Escaping not Input Filtering http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4027 Quick Find Tech News » Security Expert Suggests Twitter Focus on Output Escaping not Input Filtering Mon, 20 Apr 2009 16:04:45 +0000 http://devthought.com/?p=827#comment-4027 [...] However, Twitter is not alone in this. Guillermo Rauch found a similar vulnerability in Digg today that he tested and quickly alerted Digg to (Digg has since fixed the bug). You can read about the process here. [...] [...] However, Twitter is not alone in this. Guillermo Rauch found a similar vulnerability in Digg today that he tested and quickly alerted Digg to (Digg has since fixed the bug). You can read about the process here. [...]

]]> By: DionD (Dion DiFelice) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4186 DionD (Dion DiFelice) Sun, 19 Apr 2009 21:10:05 +0000 http://devthought.com/?p=827#comment-4186 Small lesson on #XSS and those nasty little #worms that keep making #Digg and #Twitter sick! http://bit.ly/UTovP #fail #notfun Small lesson on #XSS and those nasty little #worms that keep making #Digg and #Twitter sick! http://bit.ly/UTovP #fail #notfun

]]> By: AllenHarkleroad (AllenHarkleroad) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4180 AllenHarkleroad (AllenHarkleroad) Sun, 19 Apr 2009 15:17:28 +0000 http://devthought.com/?p=827#comment-4180 The Digg worm that wasn’t (Devthought) http://tinyurl.com/c4czdz The Digg worm that wasn’t (Devthought) http://tinyurl.com/c4czdz

]]> By: alzaid (Saleh Alzaid) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4181 alzaid (Saleh Alzaid) Sun, 19 Apr 2009 07:47:50 +0000 http://devthought.com/?p=827#comment-4181 The blog has a pretty design too :) try to drag and drop the clouds :) RT: <a rel="nofollow" href="http://twitter.com/anaimi">@anaimi</a>: XSS on Digg ... http://tinyurl.com/c4czdz The blog has a pretty design too :) try to drag and drop the clouds :) RT: @anaimi: XSS on Digg … http://tinyurl.com/c4czdz

]]> By: anaimi (anaimi) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4182 anaimi (anaimi) Sun, 19 Apr 2009 07:35:10 +0000 http://devthought.com/?p=827#comment-4182 XSS on Digg ... http://tinyurl.com/c4czdz XSS on Digg … http://tinyurl.com/c4czdz

]]> By: Guillermo Rauch http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-3996 Guillermo Rauch Sun, 19 Apr 2009 06:39:30 +0000 http://devthought.com/?p=827#comment-3996 Apparently it should be the same, given <code class="inline">$config['global_xss_filtering'] = TRUE;</code> is enabled. Apparently it should be the same, given

$config['global_xss_filtering'] = TRUE;

is enabled.

]]> By: two_way_web (Two Way Web) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4183 two_way_web (Two Way Web) Sun, 19 Apr 2009 04:39:20 +0000 http://devthought.com/?p=827#comment-4183 RT <a rel="nofollow" href="http://twitter.com/stejules">@stejules</a> The Digg worm that wasn't http://tinyurl.com/c4czdz also C Did Digg Just Dodge a Mikeyy Worm? http://tinyurl.com/d3lzyl RT @stejules The Digg worm that wasn’t http://tinyurl.com/c4czdz also C Did Digg Just Dodge a Mikeyy Worm? http://tinyurl.com/d3lzyl

]]> By: stejules (stejules) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4184 stejules (stejules) Sun, 19 Apr 2009 04:38:03 +0000 http://devthought.com/?p=827#comment-4184 The Digg worm that wasn't http://tinyurl.com/c4czdz also C Did Digg Just Dodge a Mikeyy Worm? http://tinyurl.com/d3lzyl The Digg worm that wasn’t http://tinyurl.com/c4czdz also C Did Digg Just Dodge a Mikeyy Worm? http://tinyurl.com/d3lzyl

]]> By: Claude http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-3993 Claude Sun, 19 Apr 2009 04:33:03 +0000 http://devthought.com/?p=827#comment-3993 Nice job Guillermo. You mentioned that the Symfony framework does a good job of sanitizing input to avoid XSS exploits. Have you tried <a href="http://codeigniter.com/user_guide/libraries/input.html" rel="nofollow">CodeIgniter's XSS filtering</a>, and if so, what's your take on it? Thanks. Nice job Guillermo.

You mentioned that the Symfony framework does a good job of sanitizing input to avoid XSS exploits. Have you tried CodeIgniter’s XSS filtering, and if so, what’s your take on it?

Thanks.

]]> By: mmaunder (Mark Maunder) http://devthought.com/blog/server-side/2009/04/the-digg-worm-that-wasnt/comment-page-1/#comment-4185 mmaunder (Mark Maunder) Sun, 19 Apr 2009 03:51:47 +0000 http://devthought.com/?p=827#comment-4185 Simple XSS exploit for Digg (now fixed) http://tinyurl.com/c4czdz Simple XSS exploit for Digg (now fixed) http://tinyurl.com/c4czdz

]]>