Borat

I just saw this clip of Borat and it reminded me how I’m waiting to see Sacha Baron Cohen’s next movie “Borat: Cultural Learnings of America for Make Benefit Glorious Nation of Kazakhstan“…

This clip is extremely funny:

And so is this one:

And 24 minutes more of his hilarious show:

8-0.net

And 8-0.net is now powered by Gmail too. It’s about time… Soon, I’ll be writing “8-0 est. 2000“.

Flickr full.

2Gb in the last week…
I can’t even upload this image

Weeds

Weeds just started its 2nd season and I still have a crush on Mary-Louise Parker.

But SHO (Showtime) does not care about viewers out of the US. If you live outside the US, the official Weeds site contains an apology, and nothing else: “We at Showtime Online express our apologies; however, these pages are intended for access only from within the United States.” Google’s cache of the site showed me how irrelevant it was to hide it from my foreign eyes: screensavers, wallpapers, cast presentation, and the usual stuff you could find on any such website…

Security bug on Flickr mobile site

Flickr mobile site has a bug that could be a security threat to your account if you give the wrong URL to the wrong person. Read below and be careful.

Update: The fake account I created got abused, as it was to be expected, and eventually it got deleted altogether. I am not going to re-create a fake account just to illustrate this post, but you can try it yourself with your own account: 1. copy the URL of your Flickr Mobile page, 2. Log out, 3. Visit this page and notice you are logged in again…

The other day, I wanted to email a photo to a friend’s mobile phone. Flickr has a mobile version, so I sent him the URL of the Flickr page instead of just the photo. I checked the URL of the photo page, and copy-pasted it in the email I sent him. He looked at the photo, and he browsed a little from there. Then, when he posted a comment on another person’s photo, he realised he was actually logged in as ME and I appeared as the one who posted the comment! The URL of the mobile site I sent him originally had logged him with my account automatically…

To illustrate this post, I created a fake account on Flickr. When I am logged in and I browse the mobile site, I can see a page with this URL: http://www.flickr.com/mob/photo.gne?id=235738450&s=4678537.e8fd32fd3ac382198112a45e36c0ad44&time=1157525891. Now, if you click on this link, you will automatically be logged in as ME in MY account.

To prevent this, I just have to remove my info from the URL (i.e. “s=XXX”) and give this link instead: http://www.flickr.com/mob/photo.gne?id=235738450. You will see the pic but my info is not embedded in the URL anymore.
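The manual fix above can be automated. The following is an added example, not part of the original post and not Flickr's code: it strips the `s` and `time` parameters (names taken from the URL in the post) from a link, or from every link in a message draft, before it is shared. The function names, the token-shape heuristic and the sample values are assumptions constructed for illustration.

```javascript
// Added example. Parameter names "s" and "time" come from the URL in the post;
// the token-shape heuristic and all sample values are constructed assumptions.
const SESSION_PARAMS = new Set(["s", "time"]);

// Assumption: a value that is a long hex run, optionally prefixed by
// "<digits>.", is treated as a credential even under another parameter name.
const TOKEN_SHAPE = /^(\d+\.)?[0-9a-f]{32,}$/i;

// Return the URL without session-bearing parameters, plus what was removed.
function scrubShareUrl(rawUrl) {
  const url = new URL(rawUrl); // throws on input that is not an absolute URL
  const removed = new Set();
  // Collect names first so deletion does not disturb the iteration.
  for (const [name, value] of [...url.searchParams.entries()]) {
    if (SESSION_PARAMS.has(name) || TOKEN_SHAPE.test(value)) {
      removed.add(name);
    }
  }
  for (const name of removed) url.searchParams.delete(name);
  return { clean: url.toString(), removed: [...removed] };
}

// Scrub every http(s) link found in a message draft before it is sent.
function scrubText(text) {
  return text.replace(/https?:\/\/[^\s<>"]+/g, (match) => {
    // Keep sentence punctuation that trails the link out of the URL itself.
    const trail = (match.match(/[.,;:!?)]+$/) || [""])[0];
    const body = trail ? match.slice(0, match.length - trail.length) : match;
    try {
      return scrubShareUrl(body).clean + trail;
    } catch (err) {
      return match; // unparseable: leave the text untouched
    }
  });
}

// Constructed sample in the same shape as the link described in the post.
const sample = "http://www.flickr.com/mob/photo.gne?id=123456" +
  "&s=1111111.0123456789abcdef0123456789abcdef&time=1157500000";
console.log(scrubShareUrl(sample));
```

Scrubbing on the sender's side only limits accidental disclosure; the underlying fix is for the site to stop accepting a login credential carried in the query string.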

Although it does not appear too serious, people with access to your account could do many harmful things, from changing your password to posting spam comments under your name.

I would not have posted a security flaw on my blog if it was a direct exploit which does not involve a manipulation from the user. The purpose of this post is of course not to harm Flickr, but rather to prevent someone from making the same mistake I made, until Flickr fixes the bug.


N.B.: I love Flickr and I pay for their excellent service. I am not in any way affiliated with them or their competitors.
