Friday, June 09, 2006

bloglines xss fixed?

The XSS issue in Bloglines that I complained about recently appears to have been fixed. Because of me?

The first thing I did was inform Bloglines.

Then I did some searching, and found out this was a known issue that had been disclosed months ago, and still not fixed. That was the point at which I started blogging about it, both on this blog and Jroller, complete with entries to exploit the behavior. (Note that while the number of people who regularly read this blog is probably less than a dozen, large numbers of Java programmers read everything posted to Jroller, which is why I posted it to both.)

So which was it that caused them to fix the thing? Did they finally fix it because I reminded them about it privately, or because I complained publicly?