Facebook, MySpace, and crossdomain.xml
Source: Moderated AppSec Feed - OWASP Foundation's shared items in Google Reader
Nov 06, 2009
Summary

Thanks to the recent recurrence of a vulnerability I wrote about a few years ago and a gentle prod from Simon, I decided it would be good to write about the dangers of cross-domain Ajax with Flash again.



If you read about this story on TechCrunch, note that the "write up explaining all the details" is about an unrelated vulnerability.



I'll try to briefly explain the problem and then show how it relates to Facebook and MySpace. For more background information, please refer to these prior posts:




  • Cross-Domain Ajax Insecurity, which discusses why true cross-domain Ajax is a bad idea, despite many misinformed Ajax developers claiming it's safe.

  • Cross-Domain Ajax with Flash, the post that discloses the vulnerability.

  • The crossdomain.xml Witch Hunt, which mentions other big sites, such as YouTube and Adobe, that suffer from the same vulnerability.



Web technologies that abide by the same-origin policy cannot reside on one site and interact with another. To be a little more specific, if you visit my site, I can't make you update your status on Twitter. If I

...Read the full article

Comments (1)
Renesilva,
Nov 06, 2009
interesting ....
Topics: Facebook, myspace, space, xml, AJAX, application, blog, blogging, domain, facebook connect, find, flash, flickr, found, java, javascript, Open, page, people, post, tech, TechCrunch, time, twitter, users, web, yahoo, YouTube
socialmedian Inc. 2008 - 2009