It takes a certain level of stupidity to "start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website." His probation should require an ethics tutor.
I wonder the same thing. For one, I am perfectly happy with my reproductive organs. I also wonder who decides to make a career out of sending e-mails?
Facebook is still collecting the information it shouldn't have. The fact that users can opt to not have it broadcast to their friends means almost nothing in terms of privacy.
The gist of the story is that the security boundaries of the merchant's server are inherently compromised by hosting 3rd-party content from the same server or domain. Wherever the user's information is stored, it becomes a possibility that the 3rd party now has direct access to it. And of course, the author is correct in pointing out "cookie" headers are the most common way to establish a website session. This is just another facet of the overall problem. The Internet itself was designed a long time ago with a certain security model: "Nobody has access to the Internet, and that makes it secure." Sooner or later that will have to change.
Although I agree with the background logic, there seems to be a consensus that the publicity generated by this verdict is going to hurt the RIAA socially, financially, and could even piss off some shareholders. I tend to agree with the idea that the RIAA wanted to settle out of court but followed through with the jury trial to buoy legitimacy under their other legal threats. Oops.
Legal Question: Can they sue her again for the other 1,676 files they claim she 'made available'? Could they go for a second, $15 million, verdict if they wanted to?
Here is a quick clarification about Internet Explorer 6/7.
The attack at MySpace worked against IE users because many were lured into typing their passwords into a form. I saw this in action. It was almost indistinguishable from the legitimate version.
The Bugzilla reference to IE 6/7 was not a comment on the info-svc proof, but the proof at https://bugzilla.mozilla.org/attachment.cgi?id=24
That form does some interesting things in both browsers, but it does not reflect a normal client/server situation. IE's password manager behaves differently from Firefox when dealing with forms on more than one page, as in the info-svc proof.
In my opinion, both browsers should raise a warning when a cross-site form is loaded, or have that option.
Enjoy
Robert Chapin
Chapin Information Services, Inc.