Archive for the Netscape category
Who hacked the new Digg-style Netscape
August 04 2006 @ 11:46 PM
News of the hack was first reported by security company F-Secure on July 26th, a few days after Netscape head Jason Calacanis offered A-list Digg.com submitters $1,000 per month to write for Netscape instead.
Visitors checking out Netscape's new format were greeted with pop-ups, created from a cross-site scripting (XSS) vulnerability, containing profanity, redirects to Digg.com, and the comedic proclamation that someone named Tom Way was the sexiest man alive, giving the exploit a prank feel.
Hacker ethics, as alluded to earlier, include a set of commandments for "moral" use of the trade. Hackers are not to destroy or damage files. They should notify system administrators about security holes they locate. They should not steal. They should document and distribute information about exploits. According to D, set to begin as a first-year computer science student, these guidelines were followed in an attempt to protect Netscape users from malicious hackers.
D directed SecurityProNews to a vulnerability notice posted at Packet Storm Security on June 13th, detailing the XSS bug, a month and a half before the hack.
"In itself it's not harmful," said D, "though it was interesting to see how they failed to properly sanitize such a high-traffic site. I poked around some more, and soon realized that they hadn't sanitized the stories submitted to their site either; suddenly it's not so whimsical. Recognizing the potential for insertion of persistent malicious code or phishing attacks, I immediately alerted them to it in an email."
D admits that it was "reasonable" to have not received a response from a highly trafficked site, likely with a high level of emails coming in. He decided to take another route by submitting a story to Netscape to alert them to the flaw's presence, without detailing the specifics.
Using several accounts, he voted the story to the front page, at which point it was "promptly deleted by a moderator," still with no contact from Netscape. Over the span of a week, D says he posted four stories on Netscape and two on Digg, with the later ones detailing part of the exploit. All stories were deleted, he says.
"It was about this time that Jason Calacanis and Kevin Rose got into their little blog-spat about Calacanis trying to subvert Digg by paying its top contributors to come over to Netscape. Now I'm confronted with Netscape being both incompetent and unethical, and if Calacanis' scheme works they'll face a huge influx of traffic, people placed in danger by their continued ignorance of this exploit.
"Since Jason was being such a t**t and because they continued to ignore my warnings, I decided to alert the general public to the exploit; if that didn't cause them to fix it, apparently nothing would."
D used the input form for new stories to add a snippet of javascript with alert boxes. He says he wanted the alerts to be "juvenile and shocking" to get people's attention. Several stories were submitted across popular topic areas to bring wider attention to the problem.
"Now that people could see the exploit they could of course execute code themselves; it was dangerous for a short while to go there. As such, I added a redirect to digg.com to several of the code snippets, to get people away from the page as much as possible."
Since the exploit was "benign," D hopes that Netscape will recognize how much damage could have been done by someone with malicious intentions, and consider the hack a good deed.
"I'm sure they aren't exactly grateful, but one can hope that they won't pursue legal action as I was just trying to help."
Who, exactly, is the now infamous Tom Way? Tom is an 18-year-old high school student who claims to not understand any of this cross-scripting "mumbo jumbo." Tom waxes philosophical about Internet fame, saying it's "only slightly less fulfilling than real fame."
Neither Jason Calacanis nor Netscape Chief Architect Brian Alvey could be reached for comment before publication.
Credit: securitypronews.com
Nothing against Netscape
July 31 2006 @ 03:43 AM
I have nothing against Netscape, but I just can't help but notice, when going through Netscape, that most of the stories are news headlines.
Can anyone tell me what Netscape is up to? Well, somebody from the Netscape anchors, what's Netscape up to? Why does Netscape not permit special characters? It's something to look upon, not look over.
Netscape wanting to be like Digg is like Microsoft wanting to beat products such as PlayStation / iPod. :D
Netscape - pathetic
July 19 2006 @ 04:07 AM
I used to have an email account (@netscape.com) back in '98 with Netscape; this was long before AOL acquired Netscape. Around '99 Netscape made every user change the email ID. Then AOL bought Netscape. Then came a series of changes: one day I found that my mails were all missing, then they seemed to come back. There were times I could not log in.
Anyway, Netscape had a portal which was a far more visited site; the reason: the Netscape browser (it had to be purchased) sold more than IE, till IE was given away free. Then Netscape came up with browser 7.0, a shiny interface with curves etc. They probably did make enough money. Sun purchased the software section, iPlanet etc.
Now Netscape wants to purchase Digg users; this is the heights. Have they not learnt yet? Make your brand, and money is at least the counting factor.