Typepad security issue with coComment?

 

On monday evening by accident, I found that I was incorrectly using my technorati tags (since july). I was not comma delimiting. Fair enough, made some changes to recent posts and waited for updates to filter through to technorati, etc..

However, the last few days have been frustrating. Tagging still does not appear to be working – I have been contact with Typepad, Technorati & Feedburner support – but it still is not resolved. For those subscribed through a feed reader – apologies for the updates over the last 24 hours.

The exercise has uncovered a rather curious effect between Typepad and coComment. The latter is a tool for consolidating comments that one makes across blogs. On creating an account and installing the firefox extension, you decide to add a "watch" to a comments page, and updates are signalled through a little red envelope on the bottom right of the browser. that’s fine – it’s a very neat tool.

On discovering my typepad tagging problem, I opened a ticket through my online account explaining my situation. I did know at the time, that the coComment script had wrapped itself around the form, whose url is

http://www.typepad.com/t/app/control/help?__mode=edit

but thought nothing of it – session managment, etc.

Next day, I noticed that coComment had indeed snagged my ticket, but in the process had also snagged tickets from 10 other typepad users, dating back to september. I’ve also discovered that I know have coComment "neighbours" – which is fine If I were commenting on a publicly available blog. I don’t believe it is correct in this situation however. For example, one ticket mentioned an issue with billing details – this could have been more sensitive.

I’m going to contact both SixApart and coComment about this issue – has anybody else out there also come across this ?

Update : Having had a further look at this, and the privacy setting for coComment, you can hide "Conversations" from other users; it’s these conversations threads (generated as typepad tickets) that I can apparently see from other Typepad/coComment users.

Update : response from the coComment team on this issue

….a faulty regression caused this problem (and others) to reappear —
should be fixed now…
.

Tags: , , , , ,

 

Leave a Reply

Your email address will not be published. Required fields are marked *