Jan 20
The perl.com porn site redirect exploit isn’t new.
We tend to often trust the people that we load JavaScript from too much. So many new startups require you to just include that little tidbit of JavaScript. “Just copy and paste this somewhere on your blog”.
Of course, if the site gets compromised in anyway you are loading script from the Bad Guys. If you are a bad guy what are you doing? Looking for third parties that offer services that people embed, and watching like a hawk to see them mess up their DNS so you can pounce. You have automated systems to do this.
Watch out, and let’s get together to work out a possible solution, whether it be short term or longer.
January 21st, 2008 at 3:26 am
That google caja link is missing the protocol — it’s rendering as a relative link.