Or rather, as soon as the dim BeOS vote rigging goons started openly discussing how to rig the votes on a BE sponsored mailing list (BeUserTalk) and began posting the results of their rigging, something had to be done.
m00
It does so to, speak but by using cookies..
All it takes is to respond with a unique GUID for the cookie and you're away:)
They could (and I hope they get the point and do this) modify it to only allow one vote per IP (but this has it's own implications such as for NAT users) which would make it a little harder. Doing it upon IP would at least eliminate the script kiddies from rigging such polls. A deeper level of knowledge would be required, but the implication of giving out the source for such a IP rigged votebot would be a little more serious:(
Hopefully the point was made. MSNBC (and all other poll hosts) should do something to make this kind of rigging impossible. It is possible but not through shoddily writter JavaScript and ASP code.
When I was told that the MSNBC poll was hard to rig, I believed it. 45 seconds later I had all the information needed. They should employ someone whop can write a proper and secure poll program.
And OT in this thread but I have to mention it.
There's a lot of fuss being made about the fact that it appeared at one point that the Linux votes dropped in real numbers. This did not happen. Embedded within the vote JScript there are tags that reveal the *exact* number of votes cast for each item. The person who attempted to create a backlash by stating that Linux votes dropped at some point is baseing his assumption upon the fact that the percentages rounded down!
There was no way to gain access and manipulate the MSNBC poll databases holding the results. I know, I tried. Could view, but couldn't modify:(
m00
> What better way to creat bad publicity for
> MS and MSNBC than by making it look like they
> doctored their own poll?
Now you know that it doesn't really look like that..
> Just by voting for windows repeatedly, some
> linux fan could easily generate all kinds of
> bad press like this. And with Linux Today
> certainly watching at this point, its bound
> to rally MS hatred.
No it's not.. MSNBC will come up smelling of roses when they realise they can have a killer article on how online voting is just not practical.
Everyone bar the dimmest of the dims knows that MS had nothing to do with this.
> I wish I'd though of such a devious political
> maneuver myself.
Now that's asking a bit much isn't it? How about a poll to decide:)
m00
It will compile with VC, though any other Windows compiler will work..
The code I posted has got mangled either automagically by the message board, or auto-magically assisted by a moderator:)
If anyone requires the unmangled code, mail me..
m00
Nope, they have a lot of credibility to gain by now writing a story in how online voting such as this is not to be taken seriously, due to exactly the reasons we've seen.
m00
"Errrr......... I've made a mistake"
It's a shame to see all these people claiming "they rigged the vote" children..
The truth..
Linux starts out with some rigging on a mammoth scale. BeOS responds with organising taking place on a BE sponsored mailing list of all places(BeUserTalk). So I decide to level the playing field:) but then someone else decides to
And then when the phantom Mac votee strikes back with an impressive votebot, retaliation was called for unfortunately it got rapidly out of hand at this point..
"It's only a gameshow,
It's only a gameshow"
m00
--
For future reference and for "how" here's the source to the Windows votebot.. Link with wsock32.lib and you can roger any vote you want;)
"You live by the sword, you die by the sword"
------------------------------------------------ -
Not fantastic but it was cobbled together in a few minutes..
inline unsigned int RDTSC () {
int a;
_asm _emit 0fh
_asm _emit 031h
_asm mov a,eax;
return a;}
Slashdot Mirror
Or rather, as soon as the dim BeOS vote rigging goons started openly discussing how to rig the votes on a BE sponsored mailing list (BeUserTalk) and began posting the results of their rigging, something had to be done. m00
It does so to, speak but by using cookies.. All it takes is to respond with a unique GUID for the cookie and you're away :)
They could (and I hope they get the point and do this) modify it to only allow one vote per IP (but this has it's own implications such as for NAT users) which would make it a little harder. Doing it upon IP would at least eliminate the script kiddies from rigging such polls. A deeper level of knowledge would be required, but the implication of giving out the source for such a IP rigged votebot would be a little more serious :(
Hopefully the point was made. MSNBC (and all other poll hosts) should do something to make this kind of rigging impossible. It is possible but not through shoddily writter JavaScript and ASP code.
When I was told that the MSNBC poll was hard to rig, I believed it. 45 seconds later I had all the information needed. They should employ someone whop can write a proper and secure poll program.
And OT in this thread but I have to mention it.
There's a lot of fuss being made about the fact that it appeared at one point that the Linux votes dropped in real numbers. This did not happen. Embedded within the vote JScript there are tags that reveal the *exact* number of votes cast for each item. The person who attempted to create a backlash by stating that Linux votes dropped at some point is baseing his assumption upon the fact that the percentages rounded down!
There was no way to gain access and manipulate the MSNBC poll databases holding the results. I know, I tried. Could view, but couldn't modify :(
m00
> What better way to creat bad publicity for > MS and MSNBC than by making it look like they > doctored their own poll? Now you know that it doesn't really look like that.. > Just by voting for windows repeatedly, some > linux fan could easily generate all kinds of > bad press like this. And with Linux Today > certainly watching at this point, its bound > to rally MS hatred. No it's not.. MSNBC will come up smelling of roses when they realise they can have a killer article on how online voting is just not practical. Everyone bar the dimmest of the dims knows that MS had nothing to do with this. > I wish I'd though of such a devious political > maneuver myself. Now that's asking a bit much isn't it? How about a poll to decide :)
m00
It will compile with VC, though any other Windows compiler will work.. The code I posted has got mangled either automagically by the message board, or auto-magically assisted by a moderator :)
If anyone requires the unmangled code, mail me..
m00
Nope, they have a lot of credibility to gain by now writing a story in how online voting such as this is not to be taken seriously, due to exactly the reasons we've seen. m00
"Errrr......... I've made a mistake" :) but then someone else decides to
;)
- -
D 7E96E;
// Errr, Let's be a bit lazy here ;)
e =Operatingsystemspoll&Q1=";
e pt-Language: en-us\nAccept-Encoding: gzip, deflate\nUser-Agent:
e =Operatingsystemspoll&Q1=";
e pt-Language: en-us\nAccept-Encoding: gzip, deflate\nUser-Agent:
e =Operatingsystemspoll&Q1=";
e pt-Language: en-us\nAccept-Encoding: gzip, deflate\nUser-Agent:
e =Operatingsystemspoll&Q1=";
e pt-Language: en-us\nAccept-Encoding: gzip, deflate\nUser-Agent:
// Should be suitably random enough ;)
b yname(lpServerName);
" );return;}
; return;}
d r_list);
S OCKADDR_IN));
o sesocket(Socket);return;}
s ocket(Socket);return;}
; }
// Write to stdout
It's a shame to see all these people claiming "they rigged the vote" children..
The truth..
Linux starts out with some rigging on a mammoth scale. BeOS responds with organising taking place on a BE sponsored mailing list of all places(BeUserTalk). So I decide to level the playing field
And then when the phantom Mac votee strikes back with an impressive votebot, retaliation was called for unfortunately it got rapidly out of hand at this point..
"It's only a gameshow,
It's only a gameshow"
m00
--
For future reference and for "how" here's the source to the Windows votebot.. Link with wsock32.lib and you can roger any vote you want
"You live by the sword, you die by the sword"
-----------------------------------------------
Not fantastic but it was cobbled together in a few minutes..
inline unsigned int RDTSC () {
int a;
_asm _emit 0fh
_asm _emit 031h
_asm mov a,eax;
return a;}
#include
#include
#include
#include
void GetHTTP(LPCSTR lpServerName,LPCSTR lpFileName);
#define PRINTERROR(s) fprintf(stderr,"\n%: %d\n",s,WSAGetLastError())
void main(int argc, char **argv)
{
WORD wVersionRequested = MAKEWORD(1,1);
WSADATA wsaData;
int nRet;
if(argc!=2){fprintf(stderr,"\nSyntax: GetHTTP ServerName\n");return;}
nRet=WSAStartup(wVersionRequested,&wsaData);
if(nRet){fprintf(stderr,"\nWSAStartup(): %d\n",nRet);WSACleanup();return;}
if(wsaData.wVersion!=wVersionRequested)
{fprintf(stderr,"\nWinSock version not supported\n");WSACleanup();return;}
_setmode(_fileno(stdout),_O_BINARY);
long g1=0xD1497877,g2=0x8BC411D4,g3=0xACC70080,g4=0x5F
char *fcmds[4][3];
fcmds[0][0]="/modules/livevote/vote.asp?t=2&LVnam
fcmds[0][1]="1& HTTP/1.0\nAccept: */*\nReferer:
http://www.msnbc.com/news/459053.asp?cp1=1\nAcc
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\nHost: www.msnbc.com\nCookie: MC1=GUID=";
fcmds[0][2]="; P1=0\nConnection: close\n";
fcmds[1][0]="/modules/livevote/vote.asp?t=2&LVnam
fcmds[1][1]="2& HTTP/1.0\nAccept: */*\nReferer:
http://www.msnbc.com/news/459053.asp?cp1=1\nAcc
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\nHost: www.msnbc.com\nCookie: MC1=GUID=";
fcmds[1][2]="; P1=0\nConnection: close\n";
fcmds[2][0]="/modules/livevote/vote.asp?t=2&LVnam
fcmds[2][1]="3& HTTP/1.0\nAccept: */*\nReferer:
http://www.msnbc.com/news/459053.asp?cp1=1\nAcc
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\nHost: www.msnbc.com\nCookie: MC1=GUID=";
fcmds[2][2]="; P1=0\nConnection: close\n";
fcmds[3][0]="/modules/livevote/vote.asp?t=2&LVnam
fcmds[3][1]="5& HTTP/1.0\nAccept: */*\nReferer:
http://www.msnbc.com/news/459053.asp?cp1=1\nAcc
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\nHost: www.msnbc.com\nCookie: MC1=GUID=";
fcmds[3][2]="; P1=0\nConnection: close\n";
srand((unsigned)RDTSC());
g1+=rand();g2+=rand();g3+=rand();g4+=rand();
int votingorder[5]={0,1,1,2,3};
int which=0;int maxwhich=5;
for (int i=0;i=maxwhich)which=0;
}
WSACleanup();
}
void GetHTTP(LPCSTR lpServerName, LPCSTR lpFileName)
{
IN_ADDR iaHost;
LPHOSTENT lpHostEntry;
iaHost.s_addr=inet_addr(lpServerName);
if(iaHost.s_addr==INADDR_NONE)lpHostEntry=gethost
else lpHostEntry=gethostbyaddr((const char *)&iaHost,sizeof(struct in_addr),AF_INET);
if(lpHostEntry==NULL){PRINTERROR("gethostbyname()
SOCKET Socket;
Socket=socket(AF_INET, SOCK_STREAM,IPPROTO_TCP);
if(Socket==INVALID_SOCKET){PRINTERROR("socket()")
LPSERVENT lpServEnt;
SOCKADDR_IN saServer;
lpServEnt=getservbyname("http","tcp");
if(lpServEnt==NULL)saServer.sin_port=htons(80);
else saServer.sin_port=lpServEnt->s_port;
saServer.sin_family=AF_INET;
saServer.sin_addr=*((LPIN_ADDR)*lpHostEntry->h_ad
int nRet=connect(Socket,(LPSOCKADDR)&saServer,sizeof(
if(nRet==SOCKET_ERROR){PRINTERROR("connect()");cl
char szBuffer[1024];
sprintf(szBuffer, "GET %s\n", lpFileName);
printf("%s\n",szBuffer);
nRet=send(Socket,szBuffer,strlen(szBuffer),0);
if(nRet==SOCKET_ERROR){PRINTERROR("send()");close
while(1)
{
nRet=recv(Socket,szBuffer,sizeof(szBuffer),0);
if(nRet==SOCKET_ERROR){PRINTERROR("recv()");break
fprintf(stderr,"\nrecv() returned %d bytes",nRet);
if(nRet==0)break;
// fwrite(szBuffer, nRet, 1, stdout);
}
closesocket(Socket);
}