This site was archived on 24 April 2012. No new content can be posted. The mailing list remains online and the site will stay in this archived state for the foreseeable future. If you find any technical errors on the site, please contact Callum.



Monthly Archive for November, 2009

Flowerpower!

Found at http://www.couchsurfing.org/careers_openings.html#Gardener_/_Landscaper:

Gardener / Landscaper

Purpose:

  • Creates beautiful outdoor spaces for the well-being of CS volunteers, personnel, and guests.

Responsibilities:

  • Create flower and vegetable gardens from scratch
  • Build any needed irrigation systems
  • Build bushes, vines, or related plant-based privacy screens
  • Establish house plants
  • Train residents how to maintain landscaping

Requirements:

  • Extensive knowledge of local weather and its effects on landscaping
  • Extensive knowledge of appropriate indoor and outdoor plants for various uses

CouchSurfing password security vulnerability

Warning: If you get a username / password pop-up on CouchSurfing.org, click cancel; do not enter your username and password except on the CouchSurfing login page.

As of right now, I’m seeing this CSS file included on all CouchSurfing.org pages. That file links to this image. That image returns a 401 authorisation denied error. That in turn causes the browser to request a username and password; the realm is given as “CS”. If a user enters their CouchSurfing username and password, that data will be submitted to functionalfreelance.com.

This is a serious security issue as many users are likely to enter their passwords without realising what’s going on.

As far as I can tell from a scan of the WHOIS data and DNS records, there is no connection between couchsurfing.org and functionalfreelance.com. It seems likely to me that this is a hack of some sort, either deliberate or accidental. I hope accidental. Either way, this is a significant issue and needs immediate resolution by CS Inc. I have notified Casey Fenton, Jim Stone and Chris Burley directly of this issue.
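
A site owner can audit for the condition described above: a stylesheet that pulls a resource from a host outside the site's own, where that resource answers with an HTTP authentication challenge. The following is an added example, not part of the original post; the hosts, paths and canned response are constructed placeholders, and only the realm "CS" comes from the post.

```python
import re
from urllib.parse import urljoin, urlsplit

# url(...) references in CSS, with or without quotes.
CSS_REF = re.compile(r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)""", re.IGNORECASE)
REALM = re.compile(r'realm="([^"]*)"', re.IGNORECASE)

def third_party_refs(css_text, css_url, allowed_hosts):
    """Absolute URLs the stylesheet loads from hosts outside allowed_hosts."""
    found = []
    for ref in CSS_REF.findall(css_text):
        if ref.lower().startswith("data:"):
            continue  # inline data, no network request
        absolute = urljoin(css_url, ref)
        host = (urlsplit(absolute).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in allowed_hosts):
            found.append(absolute)
    return found

def auth_challenge_realm(status, headers):
    """Realm of an HTTP auth challenge on a response, or None if there is none."""
    challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate")
    if status != 401 or not challenge:
        return None
    match = REALM.search(challenge)
    return match.group(1) if match else ""

# Constructed sample data (hosts and paths are placeholders, not from the post).
SAMPLE_CSS_URL = "https://site.example/css/main.css"
SAMPLE_CSS = """
body   { background: url(/images/bg.png); }
.logo  { background: url("http://third-party.example/img/logo.gif"); }
.icon  { background: url(data:image/png;base64,AAAA); }
.thumb { background: url('//static.site.example/t.png'); }
"""
# Constructed response for the third-party image; realm "CS" is the one the post reports.
SAMPLE_RESPONSES = {
    "http://third-party.example/img/logo.gif": (401, {"WWW-Authenticate": 'Basic realm="CS"'}),
}

def audit():
    """(url, realm) for each third-party reference that answers with an auth challenge."""
    hits = []
    for url in third_party_refs(SAMPLE_CSS, SAMPLE_CSS_URL, {"site.example"}):
        status, headers = SAMPLE_RESPONSES.get(url, (200, {}))
        realm = auth_challenge_realm(status, headers)
        if realm is not None:
            hits.append((url, realm))
    return hits
```

In a real audit the canned `SAMPLE_RESPONSES` lookup would be replaced by fetching each flagged URL and passing its status code and headers to `auth_challenge_realm`.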