- Portals
- The Current Year
- ED in the News
- Admins
- Help ED Rebuild
- Archive
- ED Bookmarklet
- Donate Bitcoin
Contact an admin on Discord or EDF if you want an account. Also fuck bots.
2012 GNAA Tumblr Ruin: Difference between revisions
imported>Oliver Hart |
imported>Rvdog815 No edit summary |
||
(42 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
On December 3, 2012, the [[Gay Nigger Association of America]], both legally and effectively, exploited a [[XSS]] vulnerability in popular web-blog service [[tumblr]] resulting in the complete ruin of thousands of blogs. Utilising nothing but a few lines of javascript, an estimated 14,000 users reblogged the following post: | On December 3, 2012, the [[Gay Nigger Association of America]], both legally and effectively, exploited a [[XSS]] vulnerability in popular web-blog service [[tumblr]] resulting in the complete ruin of thousands of blogs. Utilising nothing but a few lines of javascript, an estimated 14,000 users reblogged the following post: | ||
[[File:Gnaa tumblr.jpg|center]]<br> | |||
This caused such an outrage that | This caused such an outrage that uncounted numbers of news sources picked up the story.<ref>{{wayback|http://betabeat.com/2012/12/tumblr-hacked-verge-daily-dot-usa-today-gna-gay-nigger-association-spam/|20121206001312|title=BetaBeat}}</ref> <ref>[https://money.cnn.com/2012/12/03/technology/security/tumblr-worm/?source=cnn_bin CNN]</ref> <ref>[https://www.cnet.com/news/privacy/massive-worm-hits-tumblr-spams-big-blogs-like-usa-today/ CNET]</ref> <ref>[https://www.cnbc.com/2012/12/03/thousands-of-tumblr-users-hijacked-by-viewing-viral-post.html NBC] {{wayback|http://www.nbcnews.com/technology/technolog/thousands-tumblr-users-hijacked-viewing-viral-post-1C7395010|20121203234216}}</ref> <ref>[https://www.usatoday.com/story/news/nation/2012/12/03/tumblr-viral-post/1742645/ USA Today]</ref> <ref>[https://gizmodo.com/tumblrs-getting-massively-hacked-right-now-but-theres-5965154 Gizmodo] '''{{archive|G9iHK}}'''</ref> <ref>[https://slate.com/technology/2012/12/gnaa-tumblr-worm-trolling-group-says-it-was-targeting-bronies.html Slate]</ref> <ref>[https://www.npr.org/sections/thetwo-way/2012/12/03/166406162/group-of-internet-trolls-claims-thousands-of-tumblr-blogs-infected-by-worm NPR]</ref> <ref>[https://www.gawker.com/5965196/hackers-behind-tumblr-worm-say-they-warned-tumblr-of-vulnerability-weeks-ago Gawker] '''{{archive|zQFCT}}'''</ref> <ref>[https://www.theguardian.com/technology/2012/dec/03/tumblr-cyber-worm-anti-blogging The Guardian]</ref> <ref>[https://mashable.com/archive/tumblr-worm Mashable]</ref> <ref>'''{{archive|Wl00a|Naked Security}}'''</ref> While hundreds of users took to other social networks to cry about the personal violation they had endured, the mainstream media was forced to largely ignore this in favor of awkwardly explaining what [[GNAA]] stands for. Showing an impressive lack of understanding of the internet, despite it being the basis of almost all of this year's hot shit news stories in one form or another, news sources have settled on describing GNAA as a ''"racist anti-blogging group"'', yet another example of straight old whitey trying to spread misinformation about the proud homosexual gentlemen of colour. | ||
==Tumblr is Vuln== | ==Tumblr is Vuln== | ||
Line 19: | Line 18: | ||
No accounts or sensitive data were unduly compromised by the uncovering of this security hole, as the "reblog" function was merely utilized. It is best to think of it as a site feature, rather than one of the most popular blogging platforms on the internet showing a startling disregard for the security of its users. It is easier that way. Naturally, the inability of the average [[Tumblr]] user to make the distinction between the two has led to many hilarious threats of [[lolsuit]]s. Good luck with that. | No accounts or sensitive data were unduly compromised by the uncovering of this security hole, as the "reblog" function was merely utilized. It is best to think of it as a site feature, rather than one of the most popular blogging platforms on the internet showing a startling disregard for the security of its users. It is easier that way. Naturally, the inability of the average [[Tumblr]] user to make the distinction between the two has led to many hilarious threats of [[lolsuit]]s. Good luck with that. | ||
{{quote|{{twitter|Gary_Niger}} hey you gave everyone on tumbler a virus I could and should sue you! I would have supported you if you would have not done this!|This bitch knows the score.}} | {{quote|{{twitter|Gary_Niger}} hey you gave everyone on tumbler a virus I could and should sue you! I would have supported you if you would have not done this!|This bitch knows the score.}} | ||
<br> | |||
==What did Tumblr do to Deserve This?== | ==What did Tumblr do to Deserve This?== | ||
Line 28: | Line 28: | ||
Is this truly the future that great visionaries of the past dreamed for? | Is this truly the future that great visionaries of the past dreamed for? | ||
{{frame|<youtube>IzRRILSGfus</youtube>|margin=auto}}<br> | |||
==Lulzy quotes== | ==Lulzy quotes== | ||
[[File:Tumblr GNAA.png|right|thumb|[[Tumblr]] are aware though so it's coo.]] | [[File:Tumblr GNAA.png|right|thumb|[[Tumblr]] are aware though so it's coo.]] | ||
[[File:Tumblr Update.png|right|thumb|Only a few thousand blogs.]] | [[File:Tumblr Update.png|right|thumb|Only a few thousand blogs.]]<br> | ||
{{squote|These domestic terrorists ought to be found and executed. They are as dangerous as AQ and we ought to stop treating them as a mild pain in the rump.}} | {{squote|These domestic terrorists ought to be found and executed. They are as dangerous as AQ and we ought to stop treating them as a mild pain in the rump.}} | ||
{{squote|You mean a masterful destruction of private property. Hopefully, you'll be as amused when someone hacks your paypal/bank account.}} | {{squote|You mean a masterful destruction of private property. Hopefully, you'll be as amused when someone hacks your paypal/bank account.}} | ||
{{squote|@Gary_Niger OMG I HATE YOU YOU STUPID CUNT PLEASE DIE OMG DIE PAINFULLY I HATE YOU SO MUCH IVE LOST 40 FOLLOWERS BECAUSE OF YOU OMGGGG DIE}} | {{squote|@Gary_Niger OMG I HATE YOU YOU STUPID CUNT PLEASE DIE OMG DIE PAINFULLY I HATE YOU SO MUCH IVE LOST 40 FOLLOWERS BECAUSE OF YOU OMGGGG DIE}}<br> | ||
==See Also== | ==See Also== | ||
Line 47: | Line 46: | ||
*[[Tumblr]] | *[[Tumblr]] | ||
*[[XSS]] | *[[XSS]] | ||
<br> | |||
{{Social Media}} | {{Social Media}} | ||
{{Indie}} | |||
{{tumblrseries}} | {{tumblrseries}} | ||
{{web2.0}} | {{web2.0}} | ||
{{epic}} | {{epic}} | ||
{{GNAA}} | {{GNAA}}<br> | ||
{{timeline|Featured article December 4 & 5, [[2012]]|[[Futurama]]|{{PAGENAME}}|[[Fleshlight]]}}<br> | |||
{{timeline|Featured article December 4 & 5, [[2012]]|[[Futurama]]|{{PAGENAME}}|[[Fleshlight]]}} | |||
[[Category:2012]] | [[Category:2012]] |
Latest revision as of 23:52, 30 October 2023
On December 3, 2012, the Gay Nigger Association of America, both legally and effectively, exploited a XSS vulnerability in popular web-blog service tumblr resulting in the complete ruin of thousands of blogs. Utilising nothing but a few lines of javascript, an estimated 14,000 users reblogged the following post:
This caused such an outrage that uncounted numbers of news sources picked up the story.[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] While hundreds of users took to other social networks to cry about the personal violation they had endured, the mainstream media was forced to largely ignore this in favor of awkwardly explaining what GNAA stands for. Showing an impressive lack of understanding of the internet, despite it being the basis of almost all of this year's hot shit news stories in one form or another, news sources have settled on describing GNAA as a "racist anti-blogging group", yet another example of straight old whitey trying to spread misinformation about the proud homosexual gentlemen of colour.
Tumblr is Vuln
For those of you without a degree in CSIII, a XSS, or cross-site scripting attack is made possible by a website not properly sanitizing input and thus allowing scripts to be executed on the page of a website. This is one of the oldest methods of web penetration, and should be extinct in 2012. Clearly the hard working development team at Tumblr don't feel the need to patch these obvious and frankly retarded vulnerabilities, instead focussing their attention on being very pleased that Tumblr panels are still a thing.
There were numerous XSS vulnerabilities identified on the site, including the video post field, which was exploited this time by the GNAA, the image post field, and every single mobile post field.
Somebody Call the e-Police
Tumblr was made aware of the issue two weeks prior to the exploit via direct communication. Clearly the Tumblr staff email was down, as the GNAA did not receive a response after helpfully attempting to assist them in securing their services. As such, there was no option but to demonstrate the vulnerability, because the friendly staff at Tumblr would surely want people to know about the problem as soon as possible so that they could promptly fix the issue.
No accounts or sensitive data were unduly compromised by the uncovering of this security hole, as the "reblog" function was merely utilized. It is best to think of it as a site feature, rather than one of the most popular blogging platforms on the internet showing a startling disregard for the security of its users. It is easier that way. Naturally, the inability of the average Tumblr user to make the distinction between the two has led to many hilarious threats of lolsuits. Good luck with that.
—This bitch knows the score. |
What did Tumblr do to Deserve This?
Tumblr does no more than provide a shield of relevance to bloggers of the worst variety. Bronies sharing pornographic images of animals from children's cartoons, Hot-Topic shoppers showing off their latest Invader Zim piercings, and New York hipsters spending 20% of their free time posting their lunches to Instagram can all be found carelessly grazing on tumblr, waiting for the next biggest happening to reblog and share with all (omg) 200 followers. Disgusting. Not only does this filth exist in the stores, schools, and places of work of the world, but is continuing to populate the gene pool, giving birth to even more abominations of mankind.
Is this truly the future that great visionaries of the past dreamed for?
Lulzy quotes
See Also
2012 GNAA Tumblr Ruin is part of a series on Visit the Social Media Portal for complete coverage. |
2012 GNAA Tumblr Ruin is part of a series on
|
||
Ideas Sites Music Movies and TV Shows Places People Misc
|
2012 GNAA Tumblr Ruin is part of a series on Web 2.0 |
Web 2.0 Concepts Social networking • Social networking sites • Blogging • Blogosphere • Hashtag • Memorial Page Tourism • PHP • Hypercube • Podcasting • Wikiing • Ajax • Ruby on Rails • Internet Humanitarianism • X is not your personal army • Unfriending • Unsubscribing • User-generated content • iTunes Store • Verification |
Web 2.0 Sites anonmgur • Answerbag • Bebo • Blingee • Blogtv • Broadcaster • Buzzfeed• ChaCha • Del.icio.us • DeviantART • digg • Dreamhost • DuckDuckGo • eBay • Facebook • Farm Town • Foursquare • Gossip Report • Hawkee • Hulu • Instagram • justin.tv • Klout • last.fm • LiveJournal • LiveVideo • mycrib • MySpace • Newgrounds • Ning • Patriots.win • Rap Genius • Reddit • Salon • slashdot • Stickam • Tay • Tumblr • Twitter • Wikipedia • Xanga • Yahoo! Answers • YouTube | |
People of Web 2.0 Fast Eddie • Tom Anderson • Steve Chen • Brad Fitzpatrick • Max Goldberg • Michael Crook • Iain Hall • Chad Hurley • Kevin Rose • OMGFacts • Kathy Sierra • Jimmy Wales • You • Mark Zuckerberg |
2012 GNAA Tumblr Ruin is part of a series on epic events and trolls |
|
---|
2012 GNAA Tumblr Ruin is part of a series on the Gay Nigger Association of America. | |
---|---|
|
Featured article December 4 & 5, 2012 | ||
Preceded by Futurama |
2012 GNAA Tumblr Ruin | Succeeded by Fleshlight |