MetaFilter, on the other hand, fixed its site within two days of being told about it… [more inside]
posted by oaf on Oct 7, 2008 - 37 comments

www.metafilter.com just redirected me several times to the login page. Then I received a warning message about security certificates. I chanced it and logged in, now everything's normal. Anybody else getting this? (btw, subdomains also redirected me to the login page). [more inside]
posted by Baby_Balrog on Sep 30, 2008 - 19 comments

so, about this post --> http://www.metafilter.com/73909/History-of-the-DC-Universe ... please read all of more inside first before looking at the post. [more inside]
posted by yeoz on Aug 7, 2008 - 44 comments

Whoa - security/cookie issues? [more inside]
posted by jkaczor on Jul 21, 2008 - 17 comments

This post which raised the issue of fears among some in the African-American electorate that Barack Obama would not be safe as president. The thread was shut down for reasons of WTF. Not exactly sure what the problem was, and I was disappointed, as I had recently heard about this and was hoping the thread would shed some light on the issue. This NYT article would be a good starting point for discussion.
posted by flotson on Jan 6, 2008 - 47 comments

I got a "Your MetaFilter password request" e-mail but I didn't request my password? [more inside]
posted by zaphod on Sep 13, 2007 - 27 comments

New firefox vulnerability leaves people open to password theft:

Proof of concept here

Does metafilter strip out form tags?
posted by empath on Nov 22, 2006 - 22 comments

Is MeFi protected against CSRF? I know the logout link isn't (should be a form button anyway) and could be triggered by displaying an image to a MeFi user, but if the forms are vulnerable things could get nasty (imagine someone posting a link that changes your prefs, or makes you create a post, etc.). Just askin'...
posted by malevolent on Oct 22, 2006 - 97 comments

Will MetaFilter get persistent SSL, like Craigslist?
posted by The Jesse Helms on Jul 3, 2006 - 16 comments

Is there anything that makes this post good? (mi)
posted by bigmusic on Apr 19, 2006 - 20 comments

Ok, in this comment by #1, it is revealed that user pages have been considerably further locked down. I wonder, is all that extra security still in place? [more inside]
posted by mystyk on Dec 12, 2005 - 23 comments

eponymous blargh registered himself a sock puppet using html entities which looks exactly like my username. thank you.
posted by quonsar on Jul 17, 2005 - 19 comments

I've been spending lots of time on wireless networks lately, so I finally up and got an SSL certificate for MetaFilter. Enjoy. Eventually I'll try to get all the user/pass pages going through https:// to make the site more secure.
posted by mathowie on Mar 9, 2003 - 46 comments

Alas, there was a critical fact overlooked on the recent hardware upgrade, one which left the server vulnerable to the [sapphire|slammer|SQ hell] worm. All's better now.
posted by delfuego on Jan 25, 2003 - 17 comments

What exactly is it that just happened to Blogger? I saw hints that there had been some sort of security breach, and now everything is inaccessible. (And the Blogspot server is outright offline as I write this.) There was some sort of password break?
posted by Steven Den Beste on Dec 26, 2001 - 40 comments

IE has a huge, gaping hole that allows executable files to be downloaded and run on the computers of browsers.

Pynnonen revealed that the bug lies in IE's processing of Internet addresses and "header" information that tells the browser what type of file it is handling. The flaw is particularly dangerous because it can be exploited using ordinary Web page code, without help from JavaScript or other scripting programs, he said.

thanks to the wonder of non-disclosure agreements, we won't know the precise nature of the bug (yet), but this one sounds bad.
posted by moz on Dec 11, 2001 - 4 comments

I was looking at the source in the Auto-close Open Tags thread, and I noticed that the comment submit box has my user password stored as clear text. It's not like MeTa/MeFi need to be highly secure, but I'm wondering if there is a better way to handle that.
posted by willnot on Nov 4, 2001 - 9 comments

what stops people from using metafilter like metababy? Is it understood? Is some sort of Hive Mind at work here? Although you retain final edit control Matt, what stops someone from entering malicious code or javascript that provides information about members to a second source unnoticed? Is there some sort of preventative measure I don't know about?

posted by Neale on Apr 17, 2000 - 6 comments