Wednesday, February 25, 2009

Adjix Security Hole... Sam Is On A Roll

Sam, InsideWork's CTO, discovered a security hole in Adjix, which is the URL shortener that inserts text ads at the top of the page. A summary is on their blog:

Security Hole Found, Fixed, and Deployed

Just before 10 am PST, today, a security hole was discovered, by chance, in Adjix2Twitter by Sam Nguyen which allowed him to post this tweet to Guy Kawasaki's Twitter timeline. I'd never heard of Sam or his company before today - he is the CTO at InsideWork which "infuses business innovation with biblical insight".

Since Twitter is about as real-time as it gets, the following happened within an hour of the problem being discovered by Sam:

1. I saw the tweet as soon as it was sent and I immediately reviewed the logs to discover that Guy hadn't posted it from his own Adjix account.

2. NEENZ, who is Alltop's Chief Evangelist, DM'd me about the tweet and called Guy.

3. A number of Guy's followers @'d him regarding the tweet - and many also RT'd it, seemingly "in the blind".

4. Twenty minutes after Sam discovered the problem he sent an e-mail to me outlining what he had done and I called him to get the details.

5. Guy, who was in a meeting when this happened, called me after the meeting to find out what was going on and what he needed to do.

6. Guy disavowed the tweet and proclaimed his love for Adjix. (more)

No comments: