Questions about current job.
A) is your boss hard to please/work with? Do people hound you daily?
B) are you stagnant in your position with no place to advance?
C) if someone offered you a lateral move would you take it?
Questions about new job.
A) can you lower your cost of living and be comfortable at your new pay scale?
B) will you learn skills which you can take on to a higher paying job elsewhere?
C) Can you see yourself comfortable in that environment for 5 years?
Answer yes to 2+ in section 1 AND answer yes to all 3 in section 2 = quit.
Otherwise, stay where you're at.
Hell no... if we can help it we won't even touch an ASP site. I can usually find a security flaw in any asp site created by a --Senior web developer... most of the time they are wide open to SQL injection in their admin login forms...
Silly WYSIWYG developers...
I develop websites as well as part of a much larger firm. We stop providing support for older browsers (Like IE 5 and 5.5 Mac) when MS decides to stop supporting them.
We will only test on XP, Win2K and win 98, but not 95... (that's just silly :)
Our browser support goes back to IE 5.5 Win, NS 6, FF.8, and Safari (forget which version).
Take the hint from others and you will be able to justify your actions.
Secret, Strong enough for a man... and that's good enough for me...
*nix had the most total number of vulnerabilities, however I believe that if you look at the severity of windows vulnerabilities, you will find them to be more severe and longer lived in nature...
Plus, when the hell are people going to stop grouping ALL distributions of Linux into one category... how many major distributions by different vendors are out there? 18 or something like that, and hundreds of smaller distros... There is only ONE Microsoft. Compare Windows to any single distribution... and then we will see what kind of leg it has to stand on...
*This post written by an avid Microsoft Windows user who does not even know or understand Linux, yet wishes he did*
We just finished www.sendherflowers.com ... the main page and view cart page use a LOT of ajax functionality... the scroller at the top is all JS
We managed to maintain the history and bookmark functionality with a system called Really Simple History which uses # locators in the URL to maintain the state...
We think it worked rather well.
Or rather, starts gaming at 2,4,6 AM when the kids wake up for feedings....
Seriously, this would have been appreciated when they (www.lifewithtwins.com) were born... those first two weeks kicked our ass!
Nuke it for 10 seconds and then blow in the slots... Worked for the 16bit Nintendo.... well, till I nuked it...
You think the common user knows how to disable javascript? Or as M$ calls it... active scripting?
Tell your mother/friend/avg. user to go into her control panel and disable javascript... then just let her run with it. It will give you something to fix over Thanksgiving.
solution:
Buy sony cd,
install rootkit
rename Explorer to $sys$explorer.exe
Now all we need to do is have a nice Zero day windows exploit that is self spreading and code it to go out and install Firefox (and remove IE) on every windows computer.
'course, before one does that, one should sign up for the $1 google promotion...
We would need someone to mod the FF build and make it install seamlessly with defaults... no point in a bug if you get prompted by the install software...
and we need someone to write the shell code to install and spread the whole package...
So, who's good at writing shell code? Sony? Are you listening?
it was the home page, yahoo.com that had the issue. I still cannot click a single link on that page.
Just give them time and we can zoom in on the house of the script kiddie who generated 32,000 hits to your admin panel with a brute force password attack script...
I cant fu3king wait!!!
And when I attempt to log in to the email account with IE... it tells me that I have to update my toolbar (which I don't have) to access the email account...
Since when do I need a plugin to view webmail?!?!? WTF Yahoo!?
AH!!! But I am using FireFox... so what? I can't browse Yahoo with FF? Is Yahoo really content with cutting out 10% of their market share?
I'll stick with the big G.
If they put forth so much brain power to kick the enemy's ass... that at least their links would work... I can't get to the mail from the yahoo home page... and yes, I have JS enabled.
As a programmer working for a company on salary I made about $45,000 / year.
As a programmer working for freelance clients in my own company I make about $45,000 / month...
Gee, I wonder which one I'll stick with.
So when the bank official loses his laptop with my bank data on it and the thief dumps the data to another system and reformats before it connects to the net then what do I get for my stolen identity?
www.eatoutin.com
My mistake,
In some cases I had the actual card swiped on a reader which captured all the information from the card and which I could dump to the computer for printing on a physical card. There's not much you can do about some kid at a restaurant with a palm reader...
but again, some vendors didn't even validate the EXP date when processing the card... or would simply pass the card number and exp to the gateway...
I actually found one vendor who only validated (to the best of my knowledge) that the CC number was a valid number FORMAT... allowing me to create my own CC number with a reverse mod10 algorithm and create a card... I suppose they simply validated the number and ran the batch at the end of the day manually...
To each his own opinion.
In the early days of CVV, none of the retailers ever validated the card with the CVV. Even these days most POS systems don't take the CVV into consideration because the physical card is present.
It's more used for online transactions to validate that you have the card in hand... but if that e-tailer has an insecure system, and stores CC data unencrypted in their DB... and you can hack it... well, it's all a mess.
This is what I do now, secure these systems.
I should also state that many of my clients know of my past exploits, which extend far beyond those listed here, and choose to hire me BECAUSE of that knowledge.
Believe what you'd like...
I know what I've done...
And I know how to keep others from doing it... so I may as well put that knowledge to use.
However, the real lesson should be spellcheck your slashdot posts :)
Sorry for that.