My Findings on the Yahoo Buzz Hack on Firefox
Yahoo Buzz got hacked on Jan 30 2010, and the hack only happens in the Firefox browser. Get all my findings, evidence and analysis here. I named this hack the YBuzz Patois Hack. The hack is actually a shameful thing!
Yahoo Buzz is one of my favorite web 2.0 sites for catching up with many interesting things on the web. It is a popular social bookmarking site similar to digg, reddit, stumbleupon, buzzfeed, etc. While browsing around Yahoo Buzz on Jan 30 2010, I stumbled across a silly yet interesting thing on one of the Buzzes. There is a buzz titled "China suspends U.S. military exchanges over Taiwan arms (Reuters)".
When you get there, you will get a dialog box saying "Click here if you think Patois's pussy smells of dead fish!". Below is the screenshot of the buzz that I took at about 10.15 PM Sydney time.
At first, I just laughed a bit and thought "he he, Yahoo wants to make us a bit horny...", but then I got alerted and said to myself "Hey, this is Yahoo ... it is not an xxx site!! What the hell...."
I was a bit confused as to why such a credible and high-authority site like Yahoo would give us that silly message. Is this a joke or what? I then looked at my online datetime clock; no, it's not April Fool's yet. Finally I realized that this is actually a hack that happened on Yahoo Buzz!
After that I tried to check other Buzzes. I looked around and browsed buzzes that were published around the same time. Nothing happened! There are no other Buzzes that pop up that dialog box! It is the only Buzz that pops up the silly message.
I was so curious because Google was hacked in China recently and this could be related to the Chinese thing. Obviously, the buzz is about China, and maybe Chinese hackers don't like it so they hacked Yahoo Buzz? Or worse, was the hack done internally from the Yahoo office (the same as the allegation made about the Google hack)? Many questions popped up in my mind.
So I was so curious to dissect the hack. I was thinking "What Why Who did this hack". In short, what is the motive? Is this just for fun? Most importantly who did this?
The hack is actually a simple hack. It is just a JavaScript dialog that displays a message. After you click the OK button, the dialog box disappears. I know this kind of hack happened before. You can do that just by inserting a script in the comment area. But that was years ago; nowadays all websites have protection against such a simple hack. Is Yahoo Buzz prone to this old and simple hack?
First, I analyzed the buzz in more detail. The buzz in question was published by a Yahoo Buzz user named um ok. This is his second buzz. The first buzz made by him was on Jan 27 2010; his first buzz title is "Running Shoes Changed How Humans Run (LiveScience.com)".
I clicked his first buzz and headed over there. However, all is good. His first buzz has nothing of that hack. This means the hack was not by him.
I then looked at the HTML source of the web page. Interestingly, the script was placed in the comment area. Below is the screenshot of the script.
Moreover, I checked the first guy who made the comment. His user name is patois. Aha! So this is the guy who did the hack. He actually placed JavaScript that pops up the message, and patois is his avatar name. I finally gave this hack a name after this guy: YBuzz Patois hack. Sounds good, doesn't it?
OK, he did the hack, that is the answer. Finished! But now the question is why Yahoo Buzz is prone to such a simple and stupid hack. I was also curious why no other people complained. Are they just ignoring it?
After that I had a question in my mind. Is this related to a browser issue? I then tested the web page on my IE7 and Chrome; surprisingly, no dialog popped up. So my conclusion is that the Yahoo Buzz glitch just happens on the Firefox browser. I am using Firefox 3.5 anyway.
There is nothing special about this simple hack, but who is responsible for it? Yahoo or Firefox? Regardless of who takes the blame, this hack is really a shameful thing for such a big site like Yahoo Buzz. If that happened on someone's personal homepage, it would be acceptable, but for Yahoo that is really lame!
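As an added example (not code from Yahoo Buzz or from this post), the sketch below shows the usual defense against a script placed in a comment: HTML-encode user text at render time so the result does not depend on how a given browser parses markup, and scan stored comments for tag-like content. The comment records, field names and function names are hypothetical, and the sample comments are constructed.

```javascript
// Added example; record shape, names and sample data are hypothetical/constructed.
const comments = [
  { id: 1, author: 'reader_one', text: 'Interesting story, thanks.' },
  { id: 2, author: 'reader_two', text: '<script>alert("constructed sample")</script>' },
  { id: 3, author: 'reader_three', text: 'Is 3 < 5 & 5 > 3?' },
];

// "Before": user text is concatenated into the page as-is, so any markup
// inside a comment becomes part of the document the browser parses.
function renderCommentUnsafe(c) {
  return '<div class="comment"><b>' + c.author + '</b>: ' + c.text + '</div>';
}

// Characters that can open a tag, an entity or close an attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode user data for the HTML body context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "After": every user-controlled field is encoded at the point of output,
// so the comment is displayed as text in every browser.
function renderCommentSafe(c) {
  return '<div class="comment"><b>' + escapeHtml(c.author) + '</b>: ' +
    escapeHtml(c.text) + '</div>';
}

// Review aid: ids of stored comments whose author or text contains tag-like
// markup. A bare "<" used as a comparison operator (comment 3) is not flagged.
function findMarkupComments(list) {
  const tagLike = /<\/?[a-z][^>]*>/i;
  return list
    .filter((c) => tagLike.test(c.text) || tagLike.test(c.author))
    .map((c) => c.id);
}

console.log(renderCommentSafe(comments[1]));
console.log('comments to review:', findMarkupComments(comments));
```

This encoder covers text placed between HTML tags only; user data written into attributes, URLs or script blocks needs the encoder for that context.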
Anyway