Hacking Web Services
siduri writes "Udi Manber, chief scientist at Yahoo!, gave a great talk on the kinds of hacks that Yahoo sees at the IEEE's Symposium on Security and Privacy. I wrote an overview of his talk for Dr. Dobb's Journal. While some of the message is well-known stuff (like that people will spend a lot of time hacking the most trivial things), the details of what Yahoo has to deal with are really pretty interesting."
I know that someone has been hacking Google for the past few years about once a week. Always changing the Google logo (jk). I guess Google is just powerless to protect themselves.
from the article: "If you have any kind of rating, people go to all kinds of trouble to get that rating in an illegitimate way,"
hmm. sounds like they're describing karma whores
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
It's not copyright violation! Information wants to be free!! Nothing should cost money because corporations don't deserve to make money, RMS told me so!
Hey, moron, had you *read* the article, you would have noticed the following:
1. He said that he knows "security through obscurity" isn't the answer, but that his methods are so weak that he *knows* they won't stand under scrutiny; they just happen to be the best he's got at the moment. That's called good judgement.
2. You have no sense of humor.
3. His concerns are legitimate; Yahoo! is trying to provide services on the web, and people are *stealing* them. Yahoo! isn't screwing artists out of money, or exploiting third-world children, or screwing their customers; they just want people to engage in reputable transactions. That's how businesses make their money, and why you can spew crap from your personal computer.
Sheesh.
--
I Hit the Karma Cap, and All I Got Was This Lousy
I have decided to let my Yahoo mailbox fill with the spam that they allow. I figure that if they have to pay for the space, storage, and backup of spam for all these accounts, they will eventually figure out that they need to do something.
I only use the account for testing mail from the *outside* world. If they shut off that account, I will get one from somewhere else. God, I may even break down and open an account on Hotmail...
Quick, help, I may be slipping into the clutches of the M$ beast....
And now for something completely different...
What OS do you want to abuse today?
I believe that Yahoo's problems can be solved in the complex plane by calculus of residues. Translate the Web Services into equations over the integers, using the obvious mapping from {0,1}-star to the square-free integers, and extend them over the whole complex plane. Take an exponential and premultiply with the Riemann Zeta function, so all your non-trivial roots lie on the critical line. Then integrate using calculus of residues to obtain the eigenmodes of the web service computation. Negative eigenvalues should be investigated; they correspond to exploitable holes in the web services.
The problem with the western territories is that they are lawless lands! You'll never have enough Sheriffs to protect the cities, you'll never have enough US Marshals to hunt down all the outlaws, you'll never have enough hunters to kill all the wolves, and let's not even forget about those blasted Indians! Nobody will ever be able to establish a good colony in those lands...