Terence Eden’s Blog

Huffington Post UK XSS Flaw (Disclosed & Fixed)

By @edent · journalism security xss · 150 words

The UK version of the Huffington Post was vulnerable to an XSS flaw. This allowed any malicious user to inject images, video, text, and JavaScript into the page. Although the above image show a very silly use of XSS, it could quite easily be used to craft a page to encourage journalists and readers to enter their passwords - and then send them off to criminals. What's unusual is that it appears to be powered by Google Custom Search - which should really be robust against this source of…

Continue reading →

Should Journalists Bother Checking Sources?

By @edent · journalism · 300 words · read ~283 times.

Journalist reposting a fake tweet about Fukushima.

OMG WE'RE ALL GOING TO DIE!!!!111!! (Subsequently deleted but still available at Fadah Jassem's tweet) Let's take a look at the article and see if we can determine if this is a trustworthy source... Hmmm... I see "9/11 Truth", "Bilderberg", "Chemtrails" right next to the image. There's a conspiracy corner in the top right. We haven't even got below the fold yet. Now, that's not to say that sites like these don't occasionally break news - but I'm not sure I'd rely on it for accuracy. The …

Continue reading →