I can hack any Lens on Squidoo. I have been able to do this for the last 31 hours. I immediately tried to contact Squidoo but it hasn't worked. I am new to Squidoo and just discovered this forum, and figure that it may help if I make it known here.
For obvious reasons I am not disclosing how I can do it, but if you don't believe me just give me permission to hack your Lens, (post your Lens URL here for all to see): http://www.7is7.com/software/hacks/squidoo_exploit.html
And if any Squidoo staff is reading this, read the bug report that I submitted through your online form.
Last edited by ottodv (02/04/2007 2:50 am)
Offline
Is someone on this? Since I've been hacked in the past, I know that it is possible.
Offline
So, is ottodv for real? I'm surprised that Squidoo has not responded to this.
Offline
Try me.
Tell me your lens and I will make the modification as I describe it in the link I posted.
Don't worry, I won't do anything bad to your Lens.
ps. I am surprised too I haven't heard or seen any reaction so far.
Last edited by ottodv (02/04/2007 10:12 am)
Offline
I wonder if what I describe in my latest post - "What's new in Squidoo's Top 100?" - on my "Mastering Squidoo" blog is the result of the hacker being in action...
What I noticed yesterday (and there is no change today, I see) is that 3 lenses in the Top 100 have a different look - they are narrower, the Adsense lenses have a background and the Adsense ad in the sidebar is missing!
Offline
zuzanna wrote:
I wonder if what I describe in my latest post - "What's new in Squidoo's Top 100?" - on my "Mastering Squidoo" blog is the result of the hacker being in action...
If you are referring to me as "the hacker" then the answer to your question is no, since I haven't touched anybody's lens without their permission. Even though I could.
However, I cannot exclude that others may have discovered the same exploit. This is precisely why I would like to have this gaping security hole fixed asap.
Offline
zuzanna wrote:
I wonder if what I describe in my latest post - "What's new in Squidoo's Top 100?" - on my "Mastering Squidoo" blog is the result of the hacker being in action...
What I noticed yesterday (and there is no change today, I see) is that 3 lenses in the Top 100 have a different look - they are narrower, the Adsense lenses have a background and the Adsense ad in the sidebar is missing!
Ilona,
What you are freaking out over is the layout difference between a lens set for "Min" and a lens set for "Max" in the Squidoo dashboard. Try the two different settings on some of your own lenses, go view what they look like published and you'll see the variation.
Offline
We have received your bug report and will get to it as soon as possible.
Thanks,
Gil
Offline

If he can do it, there are lots of others who can too.
Are there any security precautions we can take ourselves while Gil fixes this?
Offline
This bug has now been fixed. Otto, since you did not supply a valid email address in your bug report I am unable to respond there. Thanks for letting us know about it.
Gil
Offline
Thanks Gil,
Feel free to e-mail me if I can be of any assistance.
Offline
Great news, I verified it and it indeed no longer works.
Thanks for fixing it!
I thought I did supply a valid e-mail. Otherwise you can use the one attached to my Squidoo account or the one on the page I linked in my first mail.
Offline
Some people have sent me worried e-mails, so I would like to make a short statement:
I am sorry if my report made anybody worry about their lenses. If you are worried remember it was only intended to get the attention of staff so that the problem would be fixed, because just like everybody here I want my lens (and hopefully future lenses) to be safe from interference by others. And that has now been achieved.
I have full confidence that staff has now fixed the problem, if I didn't I wouldn't continue to use the service myself.
Offline

zuzanna wrote:
I wonder if what I describe in my latest post - "What's new in Squidoo's Top 100?" - on my "Mastering Squidoo" blog is the result of the hacker being in action...
What I noticed yesterday (and there is no change today, I see) is that 3 lenses in the Top 100 have a different look - they are narrower, the Adsense lenses have a background and the Adsense ad in the sidebar is missing!
As Relache pointed out the 'hacking' you are referring to is an unticked "Max My Lens" box.
In any case Ottodv is saying he can log in as any Squidoo User. And edit modules. There's no mention here or at his page that he can do anything to the layout and Adsense ads (other than also untick the Max My Lens box).
Perhaps you should change the name of your blog from "Mastering Squidoo" to "Squidoo Conspiracy Theories".
Last edited by N376 (02/04/2007 3:15 pm)
Offline

N, I really don't understand why you are continually rude. Zuzanna is doing the best she can to understand what is going on. Not everyone here, including you, understands the inner workings of the algorithms as Gil does. If he spent all his time explaining those things to us, he wouldn't have time to fix hackers and chase down spammers.
If you don't like the contributions Zuza has to make in the lounge, at least you can ignore them. I request that you apologize to her. There is no need for her to answer to you for anything.
Offline

Margaret_Schaut wrote:
N, I really don't understand why you are continually rude. Zuzanna is doing the best she can to understand what is going on. Not everyone here, including you, understands the inner workings of the algorithms as Gil does. If he spent all his time explaining those things to us, he wouldn't have time to fix hackers and chase down spammers.
If you don't like the contributions Zuza has to make in the lounge, at least you can ignore them. I request that you apologize to her. There is no need for her to answer to you for anything.
Continually rude?
Last time I got called out for being rude it was also blogged about. And it was because I didn't understand how or why Amish kids were on the internet.
Speculation is fine. But parading sensationalism as fact isn't going to help anyone. Especially not newbs.
I'm unsure how healthy it is to be continually venting about other people on a blog that is linked from this forum.
In one posting Jeff "looked quite annonyed". I had seen the exchange in the Squidu thread and in my opinion Jeff offered advice. Zuzanna's interpretation somehow had emotion attached.
Though I might detect sarcasm when she asks "did I disturbed his slumber?"?
Orthia, jeffryv and myself were all accused of "attacking lensmaster Margaret and me too for our stand against violation of the TOS by at least one adult lensmaster". When in fact first and foremost we disagreed with Zuzanna's suggestion that all the mature lenses had gone.
There seem to be two sets of rules here at Squidoo. That which you wish to be applied to you and Zuzanna and that which is what the rest of us should be doing.
If I don't like someone's contribution I can ignore them or I can offer my own opinion. You obviously didn't ignore my post, which is well within your right.
If it's okay for Zuzanna to ask questions why is it that "There is no need for her to answer to you for anything"? (Not that I actually asked her anything). You also got touchy on Zuzanna's behalf when she asked which bit didn't she understand by Relache.
And Margaret you can ask for an apology on Zuzanna's behalf, but I reserve the right to refuse it.
I'll take a guess and say the bit you have issue with is when I said "Perhaps you should change the name of your blog from "Mastering Squidoo" to "Squidoo Conspiracy Theories"."
After reading about Citizen Squids being guaranteed a place in the Top 100 and other misinterpretations of people's motives and wild speculations I don't see a need to apologise for my opinion.
Last edited by N376 (02/04/2007 6:58 pm)
Offline
Now that the security issue has been resolved, I can safely publish the whole story for those who are interested, including the details on how it worked: http://www.7is7.com/software/hacks/squidoo_exploit.html
You will see how incredibly simple it was and that it was quite likely that someone else would discover it soon... sorry that it's a bit long.
I am off to working on my next lens.
Offline

ottodv wrote:
Now that the security issue has been resolved, I can safely publish the whole story for those who are interested, including the details on how it worked: http://www.7is7.com/software/hacks/squidoo_exploit.html
You will see how incredibly simple it was and that it was quite likely that someone else would discover it soon... sorry that it's a bit long.
I am off to working on my next lens.
I read your page before and have just read the updates.
I for one wish to thank you. Also to the extent you went to contact Squidoo Support and your unrelenting goal to have this serious flaw fixed.
I wasn't sure what to make of what you said when I first saw this thread, so I didn't respond.
It's good to see that there are people like you in the world. Not just technically minded to try it, but seeing an opportunity and taking creative advantage of it. But using that for good and not evil.
I look forward to seeing your lens portfolio grow and also see you here in the squidu forum as an active contributing member. Please :)
Offline
N376 wrote:
Continually rude?
Well, yeah, you do come off that way a lot of the time, even if you don't mean to. When I posted asking for the ability to use forms, and you replied "iframes. Then add tables and forms to your target page." I felt condescended to, and definitely irritated that my thread had been hijacked with an answer that didn't address the real issue.
But, no grudges, at least you didn't critique my writing skills when I posted that I'd been published...
THAT was so rude that I just deleted the whole dern thread!
Offline

JaZilla wrote:
N376 wrote:
Continually rude?
Well, yeah, you do come off that way a lot of the time, even if you don't mean to. When I posted asking for the ability to use forms, and you replied "iframes. Then add tables and forms to your target page." I felt condescended to, and definitely irritated that my thread had been hijacked with an answer that didn't address the real issue.
But, no grudges, at least you didn't critique my writing skills when I posted that I'd been published...
THAT was so rude that I just deleted the whole dern thread!
So "iframes. Then add tables and forms to your target page" wasn't an answer?
If you could put a link to the thread in question so people can also see your reply, and then my subsequent response.
I don't see how an on-topic response could be regarded a threadjacking. But hey, you're entitled to an opinion.
Offline
Thanks N376 for your kind comments (I mean the ones addressed to me).
To everybody, please don't fight in this thread, it was created to discuss a security issue.
Offline

N376 - I don't think you're rude!
I think Squidoo loves you
Offline
Wow, missed the excitement...
Anyway, thanks ottodv for the heads up and Gil for the response.
I am feeling much better now.
Thanks again.
Offline
How to get a MILLION myspace friends (1,000,000!!)
The most popular person ever on MySpace --> http://namb.la/popular/
Offline
zuzanna wrote:
I wonder if what I describe in my latest post - "What's new in Squidoo's Top 100?" - on my "Mastering Squidoo" blog is the result of the hacker being in action...
What I noticed yesterday (and there is no change today, I see) is that 3 lenses in the Top 100 have a different look - they are narrower, the Adsense lenses have a background and the Adsense ad in the sidebar is missing!
Yeah, I changed all my lenses to be un-Maxed because I'm sick of the Flickr module always moving on me (should I put in 5 or 7?!). And Travis told me it'd take off some Adsense stuff, too and I was all for the de-cluttering. Sorry to worry everyone.
Offline