How does this idea sound? When you arrive at the voting place, a person checks your identification and makes sure you are at the correct voting place and you haven't already voted. For each contest on the ballot, there is a line of turnstiles you can pass through, one for each contestant (or yes/no/abstain for ballot measures). Once you make your first vote, there is another line of turnstiles for the next contest/ballot measure. This could be behind curtains to keep it almost 100% anonymous other than the person or people watching you to make sure you don't turn any turnstiles more than once. At the end of the day, the MECHANICAL turnstiles' counters are read.
They don't even need your Google login... they can use their own.
SQL injection does not exploit the SQL server at all, it exploits a vulnerability in the webapp that is sending the SQL query.
If there is SQL injection in an INSERT or UPDATE query, the attacker might be able to insert javascript into the database which might then be sent back to the users in the place of real content (e.g. article text). Basically, persistent XSS via SQL injection.
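The two defects the comment chains together, an UPDATE built by string splicing and article text echoed back without output encoding, shown beside their fixes. This is an added illustration, not code from the commenter or from any real application; the in-memory SQLite table and the inputs are constructed for the demo.

```python
import html
import sqlite3


def make_db():
    # Constructed stand-in for the web app's article table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO articles (id, body) VALUES (1, 'original text')")
    return conn


def update_article_unsafe(conn, article_id, body):
    # Vulnerable: the user-supplied body is spliced into the statement, so a
    # quote character in the input changes the SQL instead of being stored.
    sql = "UPDATE articles SET body = '%s' WHERE id = %d" % (body, article_id)
    conn.execute(sql)


def update_article_safe(conn, article_id, body):
    # Hardened: bound parameters keep the input as data whatever it contains,
    # so it can never alter the query. It is still stored verbatim, which is
    # why output encoding below matters as well.
    conn.execute("UPDATE articles SET body = ? WHERE id = ?", (body, article_id))


def render_article(conn, article_id):
    # Output encoding: whatever reached the database is shown as text, not markup,
    # so stored script tags are not executed by the reader's browser.
    row = conn.execute("SELECT body FROM articles WHERE id = ?", (article_id,)).fetchone()
    return "<p>%s</p>" % html.escape(row[0])


def demo():
    """Returns (unsafe_statement_broke, rendered_html) for the constructed inputs."""
    conn = make_db()
    # An apostrophe is enough to show the unsafe version treats input as SQL:
    # the statement no longer parses, and a crafted input could do worse.
    try:
        update_article_unsafe(conn, 1, "O'Brien's article")
        unsafe_broke = False
    except sqlite3.OperationalError:
        unsafe_broke = True
    # The safe path stores the markup literally and the renderer escapes it.
    update_article_safe(conn, 1, "<script>alert('x')</script>")
    return unsafe_broke, render_article(conn, 1)


if __name__ == "__main__":
    print(demo())
```

The point of the pairing is that parameterisation alone does not stop stored XSS: the safe update stores the script text faithfully, and it is the escaping at render time that keeps it inert. Both layers are needed.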
I don't know, but this is the first time I've ever seen the "Asshats" box NOT checked.
'Ctrl+a' then 'd' for "detach"
CSRF happens in POST requests as well. In fact, most public CSRF exploits I've seen have used POST forms in IFRAMEs automatically submitted using javascript (document.form.submit). This is another great reason to use noscript, because you are not going to know this is happening otherwise.
Actually, the presenters were the ones that made that decision.
So, after much deliberation we opted to pull our speech voluntarily, due to the extremely neutered information we'd have to be sharing. We'd much rather share the full breadth of what we found when it can be discussed more openly as to not diminish the danger of the flaw by only talking about small parts of the issue.
-from ha.ckers.org
Many websites nowadays are hosted using "Virtual Hosting". This means that there is more than one website hosted at that particular IP address, and the web server determines which data to send back to the user by looking at the Host: header in the HTTP request.
Where's the command and control center of my computer? I don't remember putting that in there!
Only choose 1and1.com for email hosting if you aren't going to use their SMTP servers to send mail. 1and1's mail servers get blacklisted almost monthly.
Anyone else notice that the "Asshats" box is always checked whenever anyone posts one of these?
Nice to meet you Kevin.
I think that double rot13 would achieve a faster HIPAA complaint rate. EDIT: I read the subject again and realized it said compliant, not complaint...
no service password-recovery
Spraying end users with spoofed responses would not work because end users' workstations do not talk to the authoritative nameserver directly. Additional Resource Records are only accepted if they are for the same second-level domain that you are asking about.
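The acceptance rule the comment describes, written out as a resolver-side filter over additional records. This is an added example, not code from the commenter or from any real resolver; the record type, the "second-level domain" zone derivation and the sample records (documentation addresses, invented names) are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str   # owner name, fully qualified with trailing dot
    rtype: str  # record type, e.g. "A" or "NS"
    rdata: str  # record data as text


def zone_of(qname: str) -> str:
    # Simplification following the comment: treat the second-level domain of
    # the queried name as the zone, e.g. "www.example.com." -> "example.com.".
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) + "."


def in_bailiwick(name: str, zone: str) -> bool:
    # A name is in bailiwick if it is the zone itself or lies beneath it.
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def accept_additional(qname: str, additional: list) -> list:
    # Keep only additional records that belong to the zone we asked about;
    # anything else is discarded so an answer cannot plant records for
    # unrelated domains in the cache.
    zone = zone_of(qname)
    return [rr for rr in additional if in_bailiwick(rr.name, zone)]


# Constructed response to a query for www.example.com.: one glue record that
# belongs to the zone and one record for an unrelated name.
SAMPLE_QNAME = "www.example.com."
SAMPLE_ADDITIONAL = [
    RR("ns1.example.com.", "A", "192.0.2.1"),
    RR("www.bank.example.", "A", "198.51.100.9"),
]

if __name__ == "__main__":
    for rr in accept_additional(SAMPLE_QNAME, SAMPLE_ADDITIONAL):
        print("cached:", rr)
```

The zone derivation here is the comment's simplification. Real resolvers scope the check to the zone the responding server is actually authoritative for (which is what lets names under "co.uk"-style public suffixes work), so a production implementation would take the zone from the delegation it followed rather than counting labels.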
At least it's correctly labeled as "a pos"!
Receiving MTAs should NEVER send bounces. That is the job of the sending MTA. One of the problems here is that gmail is reporting a 250 OK, so the sending MTA sees no error and does not send a bounce message.
Didn't he have a book in his car titled something like How to Get Away with Murder?
I agree. This is not The Happening. You cannot make somebody kill themselves over the Internet; although someone should start an RFC because that would be very useful.
George? Is that you?
Religious typosquatters vs. technically-informed lawyer. Both are very rare.
Hey! I'm an insensitive clod you insensitive clod!
Because letterhead over fax is authentication... Actually this guy may have discovered their "part social engineering part technical flaw" by accident.
You can't play the song on the Rock Band game by buying it on iTunes... They aren't just buying a song to listen to, it is a different product.