The ongoing Digg versus Netscape spat has apparently escalated into a hacking attack that launched comical pop-up alerts and redirected users away from the new AOL social media site.
The ongoing Digg versus Netscape spat has apparently escalated into a hacking attack against America Onlines Netscape.com social media Web site.
Virus researchers at Finnish security vendor F-Secure discovered the Netscape.com hack during research work around cross-site scripting vulnerabilities on social networking sites and said the attack was obviously the work of Digg fans.
Netscape.com, which was relaunched in June 2006
as a hybrid news site combining editor-driven news and user-submitted stories, has been panned as a blatant rip-off of Digg
, the social news site that popularized the concept of swarms of users voting on the value of news articles.
The verbal tiff between the rival sites escalated in recent weeks when Netscape.coms Jason Calacanis offered to pay
Diggs top submitters, prompting a sharp rebuttal from Digg founder
Click here to read about PayPals struggle with a cross-site scripting flaw.
"Fortunately no one has tried to inject malicious code, yet," Masood added.
America Online spokesperson Andrew Weinstein confirmed that a weakness in the Netscape.com user submission process led to the exploit, which affected the site "for a few hours, in the middle of the night."
"The [Netscape.com] site wasnt adequately filtering story submission from users. Some users were able to submit stories with code that had the cross-site scripting exploit," Weinstein said in an interview with eWEEK.
He confirmed that the code was being used to redirect users to rival Digg.
"Weve fixed the filtering process and will continue to review the site to strengthen the quality of the service for all our users," Weinstein added.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.