Simon Willison’s Weblog


Thursday, 26th June 2008

BUG: XSS Security flaw in BaseCamp Messages. BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent BaseCamp’s access control stuff and read messages you’re not meant to. On the flip side, you could also use this to add brand new features to BaseCamp by using JavaScript in a message as a server-side equivalent to Greasemonkey.

# 9:39 am / 37-signals, basecamp, greasemonkey, javascript, security, xss

Bill Gates has pulled off one of the greatest hacks in technology and business history, by turning Microsoft's success into a force for social responsibility. Imagine imposing a tax on every corporation in the developed world, collecting $100 per white-collar worker per year, and then directing one third of the proceeds to curing AIDS and malaria.

Anil Dash

# 5:17 pm / bill-gates, anil-dash, hacks, aids, malaria, microsoft, philanthropy
