Simon Willison’s Weblog

Subscribe

Saturday, 26th April 2008

Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.

# 9:12 am / iis, massattack, security, sql-injection, xss, sqlserver, sql

We are happy to announce that the Google Contacts Data API now supports OAuth. This is our first step towards OAuth enabling all Google Data APIs. Please note that this is an alpha release and we may make changes to the protocol before the official release.

Wei Tu

# 10:15 am / weitu, oauth, google, googlecontactsapi

Python one-liner of the day. I love the idea of publishing one-liners accompanied by one-line test suites.

# 10:24 am / testing, python

Speechification. “A blog of Radio 4. Not about Radio 4 but of it. We point to the bits we like, the bits you might have missed, the bits that someone might have sneakily recorded. Other speech radio from around the world will no doubt find its way here too.”

# 10:30 am / speechification, radio, radio4, blogging

MediaWiki API. Wikipedia’s best kept secret?

# 6:47 pm / mediawiki, wikipedia, api

Multi-Inflection-Point Alert. Dammit, Tim, stop giving away our competitive advantages!

# 6:48 pm / tim-bray, couchdb, simpledb, bigtable, rest, soap, python, java, rails

2008 » April

MTWTFSS
 123456
78910111213
14151617181920
21222324252627
282930