After I read the blog post of RSnake in which he shows an XSS at netvibes.com I also thought that I should have a look at this webservice. First I have to say that the guys there have done a great job, this service really shows what the mysterious Web 2.0 is. On the other hand I have to look at it from the security point of view. There I think they also did well but it’s not completely secure (that would be nearly impossible for such a big webapp), so I found some security holes in a relatively short time. I hope they will patch it as soon as possible.

As I said, I’m really impressed about this webservice and so think when I have a few minutes of free time I’ll go deeper in the stuff they did and still do there.

I also have to say at this point that I’m not using the service because I’m to paranoid about my login data

PS: Of course I informed the guys from netvibes.com about the security holes