Someone Who Should Know Better

Dan Gillmor is supposed to be one of the blog-savvy professional journalists, but he certainly didn’t do bloggers any favors by publicizing a security vulnerability this morning. The site he linked to published the exploit, which in effect gave you the ability to any other user’s blogroll, without ever notifying the vendor of the issue.

Good job to Dan for being the first to link to someone who provides instructions (and an example) on how to hack the software service. Very tech savvy of you…

Note – I only included a link to Gillmor’s post because Blogrolling has patched the vulnerability.

Update: Blogrolling has resolved the problem, and Gillmor has issued an update agreeing that linking to the actual post was a bad idea. The author of the post – Hoder – now claims he notified Blogrolling, which, given the timeline and their rapid response, seems unlikely. Even if he did notify them, giving them a few hours to fix a problem is hardly a white-hat maneuver.

