Sign in / up

back to article Weather Channel forecast: Bleak, with prolonged XSS

The Weather Channel has dammed a downpour of cross-site-scripting vulnerabilities that soaked three quarters of links on the popular site, security bod Wang Jin says. The website received a tsunami of traffic with more than a billion unique visitors checking in each month according to Drupal which noted it was the "highest …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Gene Cash Silver badge

    Good

    Weather Channel sucks. They take the NWS RADAR images, pixelify them for lower resolution, and serve them up with ads and XSS 20 minutes late.

    0 1 Reply
  2. Anonymous Coward
    Happy

    I always prefer...

    ...the weather underground (no, not the 60's terrorist org). Only because it includes our village weather station that is usually pretty darn good.

    2 0 Reply
  3. Turtle

    What a coincidence!

    What a coincidence! I had been using weather.com for years, but stopped about a week ago, after they rolled out their new, less usable site design, which lets you have even *less* information on the screen at one time than before - and "before" was already a disimprovement from their previous layout.

    For some reason, website designers think that people go to websites in order to click buttons and play with gadgets than accomplish a purpose.

    6 1 Reply
    1. Anonymous Coward
      Reply Icon
      Unhappy

      Re: What a coincidence!

      Is that why my bookmark for my local weather no longer works.

      0 0 Reply
  4. batfastad

    Drupal

    And when they say "highest trafficked Drupal site in existence" what they actually mean is it uses Drupal to generate static HTML. All user requests are served by the most excellent Varnish cache, as are most sites that use Drupal.

    0 0 Reply
    1. Dr Zoidberg
      Reply Icon

      Re: Drupal

      What's your point?

      0 0 Reply
      1. batfastad
        Reply Icon

        Re: Drupal

        Drupal's a dog.

        0 0 Reply
  5. Gary Bickford

    Were these Drupal vulnerabilities, or Weather Channel specific?

    Enquiring minds want to know. IOW, does every Drupal site operator have to look into this problem?

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Were these Drupal vulnerabilities, or Weather Channel specific?

      Neither AFAICT

      0 0 Reply
  6. Anonymous Coward
    Anonymous Coward

    Has anyone fact checked this?

    I can't seem to find any example of this being a problem. Can anyone validate this? The only reference I can find to the vulnerability is here http://securityrelated.blogspot.sg/2014/11/the-weather-channel-weather.html and the video and images show the OLD site, not the new (Drupal) one.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like