Domain: watchfire.com
Stories and comments across the archive that link to watchfire.com.
Stories · 5
HTTP Request Smuggling
cyphersteve writes "Multiple vendors are vulnerable to a new class of attack named 'HTTP Request Smuggling' that revolves around piggybacking an HTTP request inside of another HTTP request, which could let a remote malicious user conduct cache poisoning, cross-site scripting, session hijacking, as well as bypassing web application firewall protection and other attacks. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices are between the user and the web server. CERT has ranked this attack and the associated vulnerabilities found in multiple products as High Risk. The authors (Amit Klein, Steve Orrin, Ronen Heled, and Chaim Linhart) have published a whitepaper describing this technique in detail."
If You Had To Vote Based On Candidates' Web Pages
Kookus writes "Which party has the best team of web deployers/developers? Neither main page passes w3c's html validator, but Kerry's has many fewer "errors". These pages do not seem to do well on Bobby either... Both seem to be using Akamai's HTTP Acceleration/Mirror service, which appears to be running Linux. Granted that it is hard to please everyone; which team is doing the best job?"
Using EULAs To Bait and Switch
jalefkowit writes "Watchfire, the company behind the popular Web accessibility testing package Bobby, has come up with an innovative way to squeeze money out of customers: they changed the licensing terms of Bobby for the latest release, but don't mention the changes in any of their sales materials -- the first time you'll hear about it is in the EULA, when you install the software. The kicker is, the changes mean that some customers will now have to buy many, many more copies of Bobby than before -- and if the new cost is too rich for your blood, they won't refund the money you paid before you found out about the new terms, since they laid it all out in the EULA! Your options are to either pony up for the additional licenses, or ditch Bobby without ever getting back the money you paid up front. I've written up my experiences dealing with Watchfire and their "upgrade" to Bobby 5.0 -- consider it a cautionary tale for people considering upgrading their own copies, or for anyone who's concerned about how EULAs let companies dodge responsibility for being honest with customers."
Cynthia Says... Create Accessible Web Sites
Kynn writes "The folks at ICDRI, in partnership with the Internet Society and HiSoftware, bring us Cynthia Says, a free service to help you evaluate your Web pages for accessibility. In other words, it's roughly equivalent to what Bobby used to be, before it went commercial. It features what seems to be a cartoon version of my friend Cynthia Waddell, which is a bit creepy, but in all honesty it's a much better symbol than the old cartoon cop used with Bobby. I always thought there was an implied menace, as if the smiling chap would happily bludgeon you with his truncheon if you created an inaccessible Web site." If only.