Simon Willison’s Weblog


Saturday, 26th April 2008

Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.

# 9:12 am / iis, massattack, security, sql, sql-injection, sqlserver, xss

We are happy to announce that the Google Contacts Data API now supports OAuth. This is our first step towards OAuth enabling all Google Data APIs. Please note that this is an alpha release and we may make changes to the protocol before the official release.

Wei Tu

# 10:15 am / google, googlecontactsapi, oauth, weitu

Python one-liner of the day. I love the idea of publishing one-liners accompanied by one-line test suites.

# 10:24 am / python, testing

Speechification. “A blog of Radio 4. Not about Radio 4 but of it. We point to the bits we like, the bits you might have missed, the bits that someone might have sneakily recorded. Other speech radio from around the world will no doubt find its way here too.”

# 10:30 am / blogging, radio, radio4, speechification

MediaWiki API. Wikipedia’s best kept secret?

# 6:47 pm / api, mediawiki, wikipedia

Multi-Inflection-Point Alert. Dammit, Tim, stop giving away our competitive advantages!

# 6:48 pm / bigtable, couchdb, java, python, rails, rest, simpledb, soap, tim-bray
