the Chocolate Factory fixed it and has promised not to be so silly again.
Well.. that's ok then. Move along. Nothing to see here.
On April 1st Google had a bit of fun by using the com.google domain to display all content backwards, but the folks at Netcraft think that jape backfired by introducing security vulnerabilities to the search engine. Netcraft's security folks say the joke “... inadvertently undermined an important security feature on Google's …
That omission meant “A remote attacker could” ... turn Safe Search on or off, or set location. And that's on top of the click-jacking potential, which could see users directed to false web pages.
If you were affected by the first option, then it is most likely someone doing it for the lolz, while if you were a victim of click-jacking, then there was probably a financial motive involved for which the black hats would not want to advertise anything was happening.
Talk about a true zero-day, though. If it was patched, then it had to have been done before the day was over; there does not seem to be an archive of the joke site available. I couldn't track down a copy of the blighted site. The Wayback doesn't like it. Though Wikipedia has a link to the prank site, it notes that it "was removed the day after and now redirects to the main google.com site." It would be interesting to know why the flaw was posted two weeks after it was a moot point.
> If it was patched, then it had to have been done before the day was over; there does not seem to be an archive of the joke site available.
Presumably the "patch" involved removing the misfeature in google.com's servers that recognized the igu=2 query-string parameter and responded by omitting the X-Frame-Options header. That's the actual vulnerability, and it's independent of the existence of the joke search page.
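A regression check for the condition described in the comment above, as an added example that is not part of the original thread: it flags any URL variant whose response declares no anti-framing policy. The host search.example and all sample headers are constructed; only the igu=2 parameter name comes from the comment.

```python
def framing_policy(headers):
    """Return the anti-framing protection a response declares, or None."""
    h = {k.lower(): v for k, v in headers.items()}
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "X-Frame-Options: " + xfo
    # CSP frame-ancestors is the modern equivalent of X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            # A wildcard or scheme-only source lets any origin frame the page;
            # an empty list is also flagged so that it gets reviewed.
            if sources and not any(s in ("*", "http:", "https:") for s in sources):
                return "CSP frame-ancestors " + " ".join(sources)
    return None


def unprotected_variants(responses):
    """responses maps URL -> response headers; return URLs that can be framed."""
    return sorted(url for url, hdrs in responses.items()
                  if framing_policy(hdrs) is None)


# Constructed sample: one baseline response and three query-string variants.
SAMPLE = {
    "https://search.example/": {"X-Frame-Options": "SAMEORIGIN"},
    "https://search.example/?igu=2": {"Content-Type": "text/html"},
    "https://search.example/?hl=en": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"
    },
    "https://search.example/?x=1": {
        "Content-Security-Policy": "frame-ancestors *"
    },
}

if __name__ == "__main__":
    for url in unprotected_variants(SAMPLE):
        print("no anti-framing header:", url)
```

Run against headers captured for every documented and undocumented parameter of a page, so a parameter that silently drops the header shows up as a failing case rather than in production.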
This post has been deleted by its author
The only comments I enjoy more than the ones with no useful content other than stating that they agree with the OP and have upvoted their comment are the ones where someone comments about upvoting a comment for having no useful content other than stating that they agree with the OP and have upvoted their comment! Upvoted!!!!
@1980s_coder
> Upvotes and downvotes apply to the whole comment, whereas by replying you can quote a certain part that you agree or disagree with.
> Posting a comment with the pint icon and an 'I agree' or 'plus one', implies that you agree more strongly with something than a mere up or down vote suggests.
> etc. etc.
I'm obviously missing the subtleties of upvoting etiquette ... what does posting two replies to a single comment mean?
In your first post you agree with the OP's first paragraph and, somewhat predictably, in your second post you agree with his second paragraph.
Does this mean the pint glass is half full in one post or more than a pint's worth in the other? Seems to me thy cup runneth over ...
I want Strange, Charm, Top and Bottom!
And Truth and Beauty - which strike me as more useful than Top and Bottom, though the former might help other correspondents learn How to be Topp.
How about it, Reg? Surely you can respect our desire to acknowledge the strangeness, charm, truth, and/or beauty of our fellow commentards' work.