
Feed Techdirt: How YouPorn Tries To Hide That It's Spying On Your Browsing History (techdirt.com)

There's a fair bit of attention being paid to a Forbes article about some new research concerning how a bunch of websites, including YouPorn, are exploiting a simple security hole to see what other sites you've visited:

How does it work? It's based on your browser changing the color of links you've already clicked on. A script on the site exploits a Web privacy leak to quickly check and see whether your browser reveals that the links to a host of other porn sites have been assigned the color "purple," meaning you've clicked them before.
This isn't a huge surprise, but what I found most fascinating was how YouPorn sought to hide this bit of JavaScript by "encrypting" it. And by "encrypting" it, I mean switching letters one letter up in the alphabet. As Kashmir Hill explains:

The script on YouPorn's site that checks a user's history (which you can see for yourself by going to the site and checking out its HTML with View Source) looks like this:

function ypol(){var k={0:"qpsoivc/dpn",1:"sfeuvcf/dpn", 2:"bevmugsjfoegjoefs/dpn",3:"ywjefpt/dpn",4:"uvcf9/dpn", 5:"yoyy/dpn",6:"nfhbqpso/dpn",7:"nfhbspujd/dpn", 8:"yibntufs/dpn",9:"bxfnqjsf/dpn",10:"sfbmjuzljoht/dpn", 11:"csb{{fst/dpn",12:"yuvcf/dpn",13:"cbohcspt2/dpn", 14:"gmjoh/dpn",15:"gsffpoft/dpn",16:"nzgsffqbztjuf/dpn", 17:"efcpobjscmph/dpn",18:"qbztfswf/dpn",19:"nbyqpso/dpn", 20:"wjefpt{/dpn",21:"bfco/ofu",22:"qpsopsbnb/dpn"}; var g=[];for(var m in k){var d=k[m]; var a="";for(var f=0;f

That list of gibberish contains the sites that YouPorn is checking to see if you've visited, but disguises them with a bit o' simple cryptography. Dial back each letter by one, so qpsoivc/dpn, for example, becomes pornhub.com.

What's amazing is that anyone actually thought this was a worthwhile move. It's not that hard to "decrypt", and the scheme is almost obvious to the naked eye: just noticing that all the terms end in /dpn is enough to work out how the "encryption" (and I use that word loosely) works. You'd think even a rot-13 would throw a few more people off the scent.

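The observation about the /dpn endings can be turned into a small triage check. This is an added example, not code from the Techdirt article or from the script it quotes: it takes four strings copied from the quoted list and searches for the one code-point shift that turns all of them into well-formed hostnames. The names `shiftString`, `recoverShift` and `HOSTNAME` are assumptions of this example.

```javascript
// Added example: recover the per-character shift hiding hostnames in a script.
// SAMPLES are copied from the obfuscated list quoted in the article above.
const SAMPLES = ["qpsoivc/dpn", "csb{{fst/dpn", "uvcf9/dpn", "bfco/ofu"];

// Shape of a plain hostname: dot-separated labels of [a-z0-9-], alphabetic TLD.
const HOSTNAME = /^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/;

// Shift every UTF-16 code unit by `delta`. This is a code-point shift, not an
// alphabet rotation, which is why "/" decodes to "." and "{" decodes to "z".
function shiftString(s, delta) {
  return Array.from(s, (ch) =>
    String.fromCharCode(ch.charCodeAt(0) + delta)
  ).join("");
}

// Try each non-zero delta in [-maxShift, maxShift] and keep only the deltas
// under which every sample decodes to something shaped like a hostname.
function recoverShift(samples, maxShift = 25) {
  const hits = [];
  for (let delta = -maxShift; delta <= maxShift; delta++) {
    if (delta === 0) continue;
    const decoded = samples.map((s) => shiftString(s, delta));
    if (decoded.every((d) => HOSTNAME.test(d))) {
      hits.push({ delta, decoded });
    }
  }
  return hits;
}

// Stand-alone run: print the surviving shift(s) and the decoded strings.
for (const { delta, decoded } of recoverShift(SAMPLES)) {
  console.log(`shift ${delta}: ${decoded.join(", ")}`);
}
```

Only one shift survives, because "/" is the only character in the samples that can become the "." a hostname needs.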



Submission + - Free IPv4 pool now down to seven /8s (iana.org)

Zocalo writes: For those of you keeping score, ICANN just allocated another four /8 IPv4 blocks; 23/8 and 100/8 to ARIN, 5/8 and 37/8 to RIPE, leaving just seven /8s unassigned. In effect however, this means that there are now just two /8s available before the entire pool will be assigned due to an arrangement whereby the five Regional Internet Registries would each automatically receive one of the final five /8s once that threshold was met. The IPv4 Address Report counter at Potaroo.net is pending an update and still saying 96 days, but it's now starting to look doubtful that we're going to even make it to January.

Submission + - All payphones taken down in Estonia (tarbija24.ee)

J-Georg writes: All payphones in Estonia stop working on 1st of December 2010 at 9am local time as Estonian telco Elion operating them stops the service. Since 1997 Elion has gradually decreased the number of public card-operated phones from 3'000 to a mere 550. "We can say for a fact that there is no more consumer interest in the service. On average, payphones are in use less than one minute per day," commented Elion's private segment manager a couple of months ago (http://news.err.ee/economy/f644e646-b54e-45ca-9602-b28f378a3a7f).
Iphone

Submission + - Sparse iPhone Screen Space Aiding Phishers (threatpost.com)

Trailrunner7 writes: Pinched screen real estate on iPhone devices may make it easier for users to be fooled into using phishing Web sites, according to an analysis by researcher Nitesh Dhanjani.

Dhanjani on Monday called attention to the common practice of hiding the Web address once Web pages and applications have loaded. That practice, coupled with the ability of application programmers to render screen elements that can mimic real address bars, could throw open the door to the kinds of phishing attacks that modern browsers have long since rendered ineffective. To illustrate his point, Dhanjani created a spoof Web page designed to resemble the Bank of America mobile banking Web site. After loading the Web site on the iPhone Safari browser, Safari adjusts the screen to hide the real address bar, while Dhanjani programmatically superimposes a bogus Address bar at the top of the visible area of the screen, creating the impression that the user is at the bankofamerica.com Web site.

Facebook

Submission + - Facebook's 'Like This' button is tracking you (thinq.co.uk)

Stoobalou writes: A researcher from a Dutch university is warning that Facebook's 'Like This' button is watching your every move.

Arnold Roosendaal, who is a doctoral candidate at the Tilburg University for Law, Technology and Society, warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not.

Roosendaal says that Facebook's tentacles reach way beyond the confines of its own web sites and subscriber base because more and more third party sites are using the 'Like This' button and Facebook Connect.

The Military

Submission + - US Army Takes on Taliban With 'Smart' Bullets (itworld.com)

itwbennett writes: The U.S. Army is about to deploy a 'game-changing', high-tech, and pricey ($25,000 each) gun to Afghanistan. The 'XM25 Counter Defilade Target Engagement System' fires bullets that can calculate the precise moment to explode over enemies' heads. Chips in the bullets (which are really more like small grenades) calculate the distance traveled from the number of rotations the bullet has taken after leaving the gun's barrel. Smart bullets don't come cheap, though, costing around $25 each.
The Military

Submission + - China's supercomputers developing stealth (computerworld.com)

dcblogs writes: China is using its increasing supercomputing capability, which includes a new flying saucer shaped computing facility, for research on stealth technology, according to a slide from the Chinese Academy of Sciences Supercomputing Center presented at an exascale conference in October. The slide illustrates how supercomputers can be used to calculate the radar cross-section of an aircraft or a ship. This can help designers choose shapes for an aircraft or ship that will have the smallest possible radar cross-section, according to a Rand Corp. analyst. China is expected to have stealth aircraft sometime in the 2017 to 2019 timeframe.

Submission + - Brit computing pioneer Sir Maurice Wilkes dies (bbc.co.uk)

certron writes: BBC News is reporting that: The "father" of British computing, Sir Maurice Wilkes, has died at the age of 97.
Sir Maurice was the designer and creator of Edsac, a computer that ran its first program in May 1949.
The Cambridge machine was the first widely-useable stored program machine and was very influential on the nascent British computer industry.
It set standards for how computers should be used in academia and business that have lasted until the present day.

Submission + - The ten most important doors in cinema (shadowlocked.com)

An anonymous reader writes: Forbidden Planet, King Kong, Nineteen Eighty-Four and The Exorcist all have one thing in common — some of the most iconic doors in movie history; doors representing the barrier between the conscious and unconscious mind, the human and infernal realms, the spiritual and animal dimension of man...and the 'savage' and the 'civilised' in a non-integrated America nonetheless fascinated with Primitivism.
Google

Submission + - Google in talks to buy Groupon (mnginteractive.com)

mark72005 writes: Published reports say Google may be close to buying online discount service Groupon in a deal worth as much as $6 billion in what would be the search leader's largest acquisition ever.

The size of the deal would put it well above Google Inc.'s largest acquisition to date, its 2008 purchase of DoubleClick for $3.2 billion.

Idle

Submission + - For Sale: Aircraft Carrier, One Only, Lightly Used

Hugh Pickens writes: "Time Magazine reports that just in time for the holidays, the British Navy has put the aircraft carrier HMS Invincible up for sale on an eBay-like website. The proud 690-foot warship sailed Her Majesty's seas from 1980 to 2005, and took part in the Falklands, Balkans and Iraq campaigns. A crew of more than 1,000 manned the ship as she steamed at speeds topping out at 28 knots, thanks to its four Rolls-Royce turbine engines. The ship underwent a major refit in 2004 but was decommissioned in 2005 with the proviso that she could be "reactivated" at 18 months notice if a crisis beckoned but over the years her engines, pumps and gear boxes were cannibalized for use in other ships. Of her total weight of 17,0000 tons, 10,000 is composed of metal which makes her attractive on the scrap market. If interested go to the like auction web site and put her to your "wish list," or add her to your "cart." Interestingly enough, the Australian government had originally planned to purchase the ship in 1982 but the Falklands war intervened and in July 1982 the British Ministry of Defence announced that it had withdrawn its offer to sell Invincible and that it would maintain a three-carrier force."
Apple

Submission + - Light Peak power patent (zdnet.com)

An anonymous reader writes: It's looking like Apple and Intel are bringing out fiber-based Light Peak next year. But will it be powered? A recent Apple patent application suggests the answer, thankfully, will be yes.
Security

Submission + - It's Possible You've Already Been Mugged by Him (krebsonsecurity.com)

tsu doh nimh writes: In 2006, the New York Times ran a story about Sergey Kozerev, a.k.a. "Zo0mer," a young Russian man from Saint Petersburg who was thought to be a "kingpin" in the underground economy for stolen identities and credit card data. Almost four years later, Brian Krebs takes a look at the bustling online fraud shops that this same individual is operating online, and it seems that business is better than ever these days for Zo0mer.

Submission + - DARPA funding memristor based AI (ieee.org)

ma11achy writes: DARPA funding memristor based approach to building a machine that learns, reasons, and even emotes its way to solving problems, the way people do.

From the article:

"So why should you believe us when we say we finally have the technology that will lead to a true artificial intelligence? Because of MoNETA, the brain on a chip. MoNETA (Modular Neural Exploring Traveling Agent) is the software we're designing at Boston University's department of cognitive and neural systems, which will run on a brain-inspired microprocessor under development at HP Labs in California. It will function according to the principles that distinguish us mammals most profoundly from our fast but witless machines."

Submission + - The inside of a vintage black box (youtube.com)

engineerguy writes: A real flight data recorder from a Delta airlines jetliner — a DC-9 or 727. Details about how it withstands high temperatures and crash velocities. It uses Inconel — a superalloy steel that is used in furnaces and other extreme environments. A sterling example of how engineers solved problems in a pre-digital, mechanical age.
