journalism – Terence Eden’s Blog https://shkspr.mobi/blog Regular nonsense about tech and its effects 🙃 Thu, 27 Feb 2025 10:15:53 +0000 en-GB hourly 1 https://wordpress.org/?v=6.9.4 https://shkspr.mobi/blog/wp-content/uploads/2023/07/cropped-avatar-32x32.jpeg journalism – Terence Eden’s Blog https://shkspr.mobi/blog 32 32 <![CDATA[Huffington Post UK XSS Flaw (Disclosed & Fixed)]]> https://shkspr.mobi/blog/2014/02/huffington-post-uk-xss-flaw-disclosed/ https://shkspr.mobi/blog/2014/02/huffington-post-uk-xss-flaw-disclosed/#respond Thu, 27 Feb 2014 12:14:09 +0000 http://shkspr.mobi/blog/?p=9979 The UK version of the Huffington Post was vulnerable to an XSS flaw. This allowed any malicious user to inject images, video, text, and JavaScript into the page.

Huff Po UK XSS

Although the above image show a very silly use of XSS, it could quite easily be used to craft a page to encourage journalists and readers to enter their passwords - and then send them off to criminals.

What's unusual is that it appears to be powered by Google Custom Search - which should really be robust against this source of attack.

I strongly encourage people to read and understand the OWASP Guide to XSS - and their other fine guides.

It will save a lot of heartache later on.

Timeline

  • 20th February 2014 - Disclosed via their "technical problems with the website" form.
  • 21st February 2014 - No response, so escalated to the Executive Editor.
  • 26th February 2014 - Confirmed fixed.
]]> https://shkspr.mobi/blog/2014/02/huffington-post-uk-xss-flaw-disclosed/feed/ 0 <![CDATA[Should Journalists Bother Checking Sources?]]> https://shkspr.mobi/blog/2013/10/should-journalists-bother-checking-sources/ https://shkspr.mobi/blog/2013/10/should-journalists-bother-checking-sources/#respond Thu, 17 Oct 2013 13:38:11 +0000 http://shkspr.mobi/blog/?p=8804 OMG WE'RE ALL GOING TO DIE!!!!111!! Fukushima-fs8 (Subsequently deleted but still available at Fadah Jassem's tweet)

Let's take a look at the article and see if we can determine if this is a trustworthy source... Sleuth-fs8

Hmmm... I see "9/11 Truth", "Bilderberg", "Chemtrails" right next to the image. There's a conspiracy corner in the top right. We haven't even got below the fold yet. Now, that's not to say that sites like these don't occasionally break news - but I'm not sure I'd rely on it for accuracy.

The story is, of course, a hoax. Snopes has an excellent write-up demonstrating quite clearly that this is a map of wave height following a tsunami. They even link to primary and secondary sources.

In fact, if the "journalists" had bothered scrolling to the comments, they would have seen many people debunking this story. Snopes fukushima-fs8 ...along with an advert telling people that water, salt, and milk are killing children.

The thing is, it's not a "stupid fake". It's a couple of stupid journalists who fell for an obviously dubious source. Take a look at the image, notice the scale on the right hand side? It is in centimetres which - for those of you without a physics GCSE - isn't a measure of radiation.

Citizen Journalism gets a bad name. But compared with two actual card-carrying journalists, it's not that much worse.

Journalists have a great opportunity to connect with their readers on social media - Alexi Mostrous has over 10,000 followers - but journalists obviously still need the filter of a good editor. Or just some common sense. That is, unless they want to become mere rumour-mongers and let their readers do their fact checking for them.

]]> https://shkspr.mobi/blog/2013/10/should-journalists-bother-checking-sources/feed/ 0