MeFi link goes to bad stuff November 12, 2006 12:34 PM

The FPP on Kancept links to a blog which allows scripts in the comments, some of which launch nastiness. When I clicked it in Windows running Firefox 2.0 (having forgotten to update the "noscript" extension) the page tried to launch telnet, make a skype call, launch Outlook Express, and god knows what else before I killed the browser. The comments also display some very, very NSFW animated gifs. I'll be sad to see it go, because the site looks cool, but this is unsafe. I warned people in the thread as well and another MeFite (the astute developer Civil_Disobedient) concurs with my findings. Maybe someone should warn the site admin as well that his blog is being used to launch exploits.
posted by edverb to MetaFilter-Related at 12:34 PM (53 comments total)

This calls for a shunning.
posted by cortex at 12:36 PM on November 12, 2006


It got me, too.
posted by SilverTail at 12:43 PM on November 12, 2006


I tried to submit feedback to the site admin, but I don't see my post there. I was also not too keen on putting my real email address into the form of a site that appears utterly compromised (if they have comment handling vulnerabilities, who knows what other things could be compromised?).
posted by edverb at 12:45 PM on November 12, 2006


Wow, I've never seen Firefox block 200 popups from one site before.
posted by TungstenChef at 12:45 PM on November 12, 2006


Is that one of those GNAA things that launches all sorts of shit? I hate those guys. Luckily I have updated noscript.
posted by bob sarabia at 12:45 PM on November 12, 2006


If, on the first page, you click "YES" to "would you buy this product" (which I just did to be nice) all hell breaks loose. Could that be caused by a third-party comment?

(And, no, I don't want to join the alt.faggot user group.)
posted by StickyCarpet at 12:47 PM on November 12, 2006


Is that one of those GNAA things that launches all sorts of shit?

Yes, precisely.
posted by edverb at 12:47 PM on November 12, 2006


Got me too. Why doesn't FF 2.0 block those popups? I may have to puke.
posted by The Bellman at 12:59 PM on November 12, 2006


Totally freaked out Safari too, with many new windows opening... and I have pop-ups blocked. Had to force-quit.
posted by Fofer at 1:03 PM on November 12, 2006


I had visited it when it was first posted, and all was well. This time, it got me, big-time.
Should I not say out loud, I hope we didn't make them a target?
posted by unrepentanthippie at 1:06 PM on November 12, 2006


Post should be removed ASAP.
posted by Rhomboid at 1:39 PM on November 12, 2006


I'm using Firefox, and I'm pretty sure I clicked "yes" on one of the pages. No noticeable problems with the site.
posted by mediareport at 1:43 PM on November 12, 2006


Wow, that site is pretty much ruined at this point. I got a loud "hey everyone I'm looking at gay porno!" and a page full of goatse images fighting to be on top with a bunch of other boxes.

Linking to it at this point serves no value at all, sadly.
posted by delmoi at 1:45 PM on November 12, 2006


Er, "serves no purpose" or "holds no value", I should say...
posted by delmoi at 1:45 PM on November 12, 2006


Sorry everyone. Worked fine when I viewed it. Mattamyn, please hope etc.
posted by dirtynumbangelboy at 1:54 PM on November 12, 2006


Okay, I'm not going back to look at that site again, but I'm curious--what was it? A space for students to post their portfolios? A collection of design concepts for our amusement?

Where did they get their content? I first saw the transparent toaster at the web site for Inventables. Is this the same origami cell phone?
posted by hydrophonic at 2:01 PM on November 12, 2006


It's just a bunch of conceptual drawings with a "would you buy it? yes/no?" If you use Firefox just install noscript and you don't have to worry about the GNAA business. Although I do find that "hey everyone, I'm looking at gay porno!" thing to be pretty amusing.
posted by bob sarabia at 2:11 PM on November 12, 2006


...actually, yes it is. I was under the impression that Kancept was user-submitted concepts. Possibly some people just grabbed from Inventables and posted on Kancept.
posted by dirtynumbangelboy at 2:11 PM on November 12, 2006


I AM NOT LOOKING AT GAY PORNO


much
posted by dirtynumbangelboy at 2:12 PM on November 12, 2006


hydrophonic: Origami cell phone was on there. As was the Bombardier single-wheel scooter. A handful of the "designs" seemed to be mis-appropriated or misattributed.

And that NAVPAQ commenter is a total tool - more so than the GNAA troll. Every single comment by them made me briefly wish I could reach through the internet and slap his mug stupid - but I wished only oh so briefly 'cause I'm chillin' with some fine coffee on a fine Sunday afternoon.
posted by loquacious at 2:14 PM on November 12, 2006


I heart Opera.
posted by five fresh fish at 2:34 PM on November 12, 2006


It would probably be safest to directly link to the images themselves. If someone would care to go through the site and do this, I'm sure many of us would appreciate it.
posted by Civil_Disobedient at 2:40 PM on November 12, 2006


Jesus, I just closed it. I got a zillion tubgirl windows on my mac that required unplugging my computer to get it to stop.
posted by mathowie (staff) at 2:50 PM on November 12, 2006


IE7 on Vista was unaffected. Firefox 2.0 went batshitinsane.

Interesting.
posted by purephase at 2:58 PM on November 12, 2006


Why in the hell would anyone be using IE7 on Vista?
posted by bob sarabia at 3:35 PM on November 12, 2006


Yeah, doodiehead! It's only the default browser on the OS and all.
posted by stavrosthewonderchicken at 3:55 PM on November 12, 2006


Wow. I'm sure glad I was too lazy to click on anything—just looked at a couple of things and left. Early on, too, apparently before the Evil began to spread and mutate.
posted by languagehat at 4:06 PM on November 12, 2006


Yeah, doodiehead! It's only the default browser on the OS and all.

I guess I should have shortened that to "why would anyone be using Vista?"

And then I would have separately asked "why would anyone be using IE7?"
posted by bob sarabia at 4:42 PM on November 12, 2006


Eh, no problems for me. That's why I run noscript.

StickyCarpet writes "If, on the first page, you click 'YES' to 'would you buy this product' (which I just did to be nice) all hell breaks loose. Could that be caused by a third-party comment?"

Yeah, because when you click "YES", the site displays the next concept; when that next page is displayed, third party comments on that next page run.
posted by orthogonality at 4:51 PM on November 12, 2006


I guess I should have shortened that to "why would anyone be using Vista?"

I'm actually warming to it, quite quickly.

And then I would have separately asked "why would anyone be using IE7?"

That is a good question, true.
posted by stavrosthewonderchicken at 4:58 PM on November 12, 2006


No problem for me, and I clicked many times (and no, I don't use noscript).
posted by darkripper at 5:00 PM on November 12, 2006


No pop-ups for me, which is good. I noticed that noscript stopped something from running, so I added this filter to Ad Block Plus - *lol.on.nimp.org*. Reloading the page removed all the attempted scripts and made it look normal. Doing a search on the site leads me to believe that it's a major griefing site, so you may want to add it to any list of sites that you have where you should never go and will always disallow.

Doing a little more digging led me to this comment on the Newgrounds boards:

Get ahold of her email address and sign her up to a shitload of porn sites.
Also, send her countless emails with this link:

WARNING DO NOT CLICK THIS LINK!

www.lol.on.nimp.org

The link will autospawn popups and crash her PC
The "lol" can be replaced with anything, so to make her unsuspiscious, rewrite the link with different words other than "lol". Try and be cunning and say shit like "Haha look at this link i found of a boy getting owned" or something.

I REPEAT, DO NOT USE THE LINK ABOVE ON YOURSELF.


So, maybe change (or add a new line) the filter to be *.on.nimp.org*. Either way, forewarned is forearmed, right?
posted by Zack_Replica at 5:12 PM on November 12, 2006
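
The filter change suggested in the comment above (from `*lol.on.nimp.org*` to `*.on.nimp.org*`), shown as an added example that is not part of the original thread: because the first label of the host can be anything, a block rule has to match the domain suffix on whole DNS labels rather than one literal host name. The function names are hypothetical, the substring check is a simplified model of the first filter, and every sample link except the one quoted in the thread is constructed.

```javascript
// Added example, not from the thread. Only "on.nimp.org" comes from the page;
// function names and the other sample links are constructed for illustration.
const BLOCKED_SUFFIXES = ["on.nimp.org"];

// Lower-case the host and drop a trailing root dot ("host.example." form).
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Resolve the host the way a browser would; bare links get an http:// scheme.
function hostOf(link) {
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(link) ? link : "http://" + link;
  try {
    return normaliseHost(new URL(candidate).hostname);
  } catch {
    return null; // unparseable input is never treated as a match
  }
}

// Match on whole DNS labels: the host is the suffix itself or ends in "." + suffix.
function isBlocked(link, suffixes = BLOCKED_SUFFIXES) {
  const host = hostOf(link);
  if (host === null) return false;
  return suffixes.some((s) => {
    const suffix = normaliseHost(s);
    return host === suffix || host.endsWith("." + suffix);
  });
}

// Simplified model of the first, narrower filter: substring match on the whole link.
function substringFilter(link, needle) {
  return link.toLowerCase().includes(needle);
}

const SAMPLES = [
  "www.lol.on.nimp.org",                     // link quoted in the thread
  "http://funny-video.on.nimp.org/",         // different first label
  "http://FUNNY.ON.NIMP.ORG./x",             // upper case plus trailing dot
  "http://example.com/?ref=lol.on.nimp.org", // name only in the query string
  "http://on.nimp.org.example.com/",         // look-alike prefix, other domain
  "http://salon.nimp.org/",                  // ends in "on.nimp.org", no label boundary
];
function report() {
  return SAMPLES.map((link) => ({
    link, substring: substringFilter(link, "lol.on.nimp.org"), suffix: isBlocked(link),
  }));
}

console.log(report());
```

The literal-host filter misses the renamed subdomain and fires on a query string that merely mentions the name, while the suffix check catches every host under the domain and ignores look-alikes.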


Yay for noscript.
posted by maxwelton at 5:22 PM on November 12, 2006


bob sarabia said:
I guess I should have shortened that to "why would anyone be using Vista?"

And then I would have separately asked "why would anyone be using IE7?"


Given that my job requires me to run it, I would say that that would be a particularly good reason. As for IE7, I do prefer Firefox and Opera but IE7 cannot be ignored (as it's the default browser on Vista) and if I'm not familiar with it then my livelihood is at stake.

I was not a fan of Vista until I installed the final release. MS has done a rather fantastic job of cleaning up the beta and RC issues since it was damn near unusable. I'm still not completely sold but it is showing more promise than I anticipated.

(If it makes you feel any better this comment was written in Firefox.)
posted by purephase at 5:27 PM on November 12, 2006


(One of) The link(s) that caused everybody trouble - www.*.on.nimp.org - is a mirror site for Last Measure (answers.com info page), which explains the issues.
posted by Zack_Replica at 5:59 PM on November 12, 2006


Interestingly IE has had "noscript" functionality since 5.0 I think, with trusted zones and stuff.
posted by delmoi at 5:59 PM on November 12, 2006


Browsing the web in Windows is like having unprotected sex with dirty, filthy whores every single day.

How do you guys put up with it?
posted by StrasbourgSecaucus at 6:04 PM on November 12, 2006


Zack: I was wondering why you linked to answers rather than Wikipedia, but it seems like answers.com keeps Wikipedia links that have been removed or redirected. Weird.

Also, I finally saw the infamous rustina.jpg image. How disappointing.
posted by delmoi at 6:10 PM on November 12, 2006


Browsing the web in Windows is like having unprotected sex with dirty, filthy whores every single day.

Congratulations, you've written the stupidest thing I've read today! Here, have a cookie.
posted by stavrosthewonderchicken at 6:11 PM on November 12, 2006


Browsing the web in Windows is like having unprotected sex with dirty, filthy whores every single day.

Um:
Jesus, I just closed it. I got a zillion tubgirl windows on my mac that required unplugging my computer to get it to stop.
posted by mathowie at 2:50 PM PST on November 12 [+ 1 favorite][!]
Emphasis mine.
posted by delmoi at 6:13 PM on November 12, 2006


It was the first link that I found, and as it had all the info, I didn't think of checking the wiki.
...
Now that I have, I see that answers seems to have more info specifically on Last Measure. Strange.
posted by Zack_Replica at 6:18 PM on November 12, 2006


i lurvs my linux.
posted by quonsar at 6:48 PM on November 12, 2006


Fine, let me be the first to say it: I &hearts Vista and I &hearts ie7*

but I use Firefox because I can't let go of ad-block, and vista doesn't like my graphics card, so I'm back to XP. But I dream of someday using the default settings and not spending days tweaking my OS after a first install.... Someday...

oh, and FREE THE IMG TAG!
posted by blue_beetle at 6:50 PM on November 12, 2006


Hmmm, looks like ♥ aren't working... I guess I missed the thread on html entities... or something...
posted by blue_beetle at 6:51 PM on November 12, 2006


nevermind
posted by blue_beetle at 6:52 PM on November 12, 2006


DON'T FORGET TO DRINK YOUR SEMICOLON.
posted by Civil_Disobedient at 6:58 PM on November 12, 2006


Why the hell are we putting up with the idiocy of MSIE?

I propose the majority of the net population is well aware that MSIE represents a security risk to their personal data. I can not for a moment believe there'd be much protest should a web site/service insist on the use of a better web browser, like Firefox, Safari or Opera.

The people behind the web services have the ability to make open standardisation work. The majority of the browser providers are quite willing to work to open standards. Both Opera, Safari, and Firefox actively strive to meet the common open standards.

There is absolutely no reason at this time to bother supporting MSIE's non-compliancies. Insist users choose a reliably-secure, standards compliant browser. The time is absolutely prime to lead the population toward their best interests.
posted by five fresh fish at 7:51 PM on November 12, 2006


Yes, both those three...
posted by five fresh fish at 7:52 PM on November 12, 2006


I propose the majority of the net population is well aware that MSIE represents a security risk to their personal data.

I doubt that even the majority of those people who earn their living developing content for the 'net are aware of this, in my (limited, but real-world) experience. Sad, but I honestly believe this is true. How else do you explain why organisations like banks go to such lengths to try and force users to conduct their business using IE? The vast majority (perhaps as high as 90%) of users don't even know that it is possible to use the Internet without IE. Again, sad but true.
posted by dg at 8:10 PM on November 12, 2006


God, what a depressing thought.
posted by five fresh fish at 9:53 PM on November 12, 2006


Well, no, not really.

We're all going to get sick and die someday, quite possibly alone and destitute. Now that's a depressing thought.
posted by stavrosthewonderchicken at 10:16 PM on November 12, 2006


delmoi writes "Interestingly IE has had 'noscript' functionality since 5.0 I think, with trusted zones and stuff."

Unfortunately it was awkwardly implemented and hard to change on the fly.
posted by Mitheral at 9:30 AM on November 13, 2006


The vast majority (perhaps as high as 90%) of users don't even know that it is possible to use the Internet without IE.

So true. I have had many, many conversations that go something like:

Them: So, how can I protect myself against this spyware and stuff?
Me: Well, for a start, you can stop using Internet Explorer.
Them: What, you mean, stop using the Internet?!
posted by chrismear at 2:25 PM on November 13, 2006

