We're working on the auto-adding of co-authors exploits
Thank you again for your patience. More soon.
UPDATE: We have plugged this one too.
Yeah, you fixed it!
My question is... Why did this hole remain open for so long?
Posted by: HMTKSteve | February 19, 2007 at 05:21 AM
Steve -- there are two ways to understand your question and I'm not sure which you mean, so I'll answer both.
Q: Why was this exploit open for the last couple of months?
A: Because we didn't know about it. Almost all of our development time over the last month has been spent working with Yahoo!'s exploit team and this is one area that we hadn't fully worked through.
Q: Why was the exploit open so long on Sunday?
A: Whoever identified this and then disseminated the information chose their time *really* well. It's a three-day weekend in the US and the bulk of the engineering team was back in Florida at a wedding.
Posted by: Eric Marcoullier | February 19, 2007 at 07:12 AM
Hi Scott,
This is unrelated to your post, but we love our MyBlogLog on our ContextWeb company blog, and we were wondering if you would be up for an email Q&A? The Q&A would center around web publishing and advertising - and MyBlogLog.
Continued success and hope to meet you one of these days. If so, I'll buy the first round,
John
John Ebbert
Director of Customer Marketing
ContextWeb, Inc.
22 Cortlandt Street, 9th Floor
New York, NY 10007
917 408 6346 Tel
917 677-8464 Fax
jebbert@contextweb.com
http://www.contextweb.com
Posted by: johntext | February 19, 2007 at 01:19 PM
Eric: Is there a way to remove the "View Reader Community, powered by MyBlogLog" part of it? I want to hack together a special like this, but I can't get it looking exactly how I want it because of those extra lines in there...
http://www.foxyweb.net/apps/imagebin/imgs/1855mybloglog.jpg
that's what I want it to look like, roughly, but I can't get it there...
Posted by: Jonathan | February 19, 2007 at 02:56 PM
Hey Steve, such is the nature of something as viral as MyBlogLog. As a server administrator myself, I've found that people will often choose the worst times to expose "exploits" in a system... and yes, generally they come in waves -- once discovered, they'll be exploited to their fullest in the small window of time (since these guys are smart enough to know that the system will be patched soon).
Posted by: Tamar Weinberg | February 19, 2007 at 03:19 PM
To me, having a validation key in the confirmation function should have been a given.
That is the core of my question: "Why was such a large hole allowed to exist?"
Granted, it is not a very serious hole in that the person who owns the blog has to initiate the adding of a co-author. The blog owner does not get much out of exploiting this hole other than annoying the member who has been added as a co-author and possibly gaining some exposure to that member's community and fans.
I take it, from here forward, the engineering team will be checking for similar holes?
Posted by: HMTKSteve | February 19, 2007 at 05:18 PM
Your post has given me an idea. Thanks a lot.
Posted by: Michael | October 17, 2007 at 05:07 AM
Hi, actually I am not sure whether this is related or not.
Why do my contacts remain at 72 people? In fact, I have already added more than that.
This also happens to my http://electricguitartips.net community. The members remain at 10 even though new members are coming in.
Posted by: zack miller | January 15, 2008 at 07:05 PM
Hi Zack, it should be fixed. There was a minor caching issue.
Ian
Product Manager, MyBlogLog
Posted by: Ian Kennedy | January 16, 2008 at 04:03 PM