Neil Turner's Blog

Blogging about technology and randomness since 2002

Security flaw in Blogrolling

Blogrolling.com has quite a large security flaw that lets you edit other people’s blogrolls. It has already been used to comedy effect – blogsforbush.com now has a link to John Kerry’s campaign site.
It does, however, seem apparent that whoever decided to post the details of the flaw didn’t bother to inform Tucows first.
Update: The flaw has been fixed. I originally found this via Dan Gillmor, and Wizbang rightly argues that Dan’s featuring of this before the flaw was fixed was unprofessional and put people’s sites at risk.

3 Comments

  1. Blogrolling vuln

    It looks like Blogrolling.com had a serious security vulnerability in that it allowed anybody with an account to edit anybody else’s blogroll! I’m surprised nobody took massive advantage of this in the hour it took from disclosure to fix and…

  2. Thanks for the ping. I’m not seeing anything at Blogrolling just yet that advises it’s been fixed. Am I missing something? The page you linked says they’re aware of it and working on it – but no resolution yet.

  3. Blogrolling’s big security issue

    UPDATE: – Blogrolling has announced that the issue is resolved. – I had informed the Blogrolling.com support system about the issue at 5/12/2004 5:11 AM. So please do not accuse me of being unethical. By the way, I’m sure had the issue not gone public, …