The only reason he needed to "phish" was that this site had a maxlength on the relevant textbox
What on EARTH are you talking about?
So now we are expecting users to type in the relevant Javascript to perform the XSS themselves?
Or are we now performing XSS via XSS, which would depend entirely on guessing whether or not your target had an account, and intended to log in at said web-application before session timeout...
Geez, get a clue!
Did you manage to misread half of the article or something?
And PNGs are images, doesn't mean there wasn't an underlying security issue with the way IE handled them....
That's one of the most retarded and uneducated posts I have read.
The issues are not with Javascript, but with the web application itself.
Your argument about there being some potentially unknown underlying issues could apply to HTML itself - as I said, retarded and uneducated - just scaremongering.
Someone just mod this troll out of my sight!
This is a perfect example of a shoddily developed website.
Additionally, it is, in certain respects, a retarded piece of journalism.
The XSS mentioned requires the use of phishing techniques - why not simply capture username and password at this point of the exercise? It will allow you to regain entry once the session expires, and will allow you to overcome any further validation that the session handler may require.
The XSS technique itself, printing the value of the cookie data via JavaScript to perform a GET request to the evil server, should not occur in the first place. That is simply shoddy website development. Sanitize input, escape output. It's not more difficult than that. Any developer who fails to grasp this most basic concept should not be in that line of work.
Secondly is the ability to transfer a session. In the example, the attacker utilizes a third-party utility to modify the request data. Why he has done this is beyond me - much easier to simply edit the cookie itself, or even pass the session ID back as a 'GET' request, a technique accepted by default on many PHP installs. It is rather basic to overcome this kind of attack by utilizing a more sophisticated session handler, although this is rarely done as it is taken as a given that the attacker is not going to easily obtain a session ID.
Thirdly is simple abuse of a poorly designed web application. There is no validation in place to ensure that the user has permission to perform a task on a designated object. In this case, there is no validation to ensure that user 42 has permission to modify data related to user 36. This is simply poorly designed, and again would not happen where a developer has half a clue about what he is doing.
Finally is the mother of all attacks - the ability to upload and run arbitrary code. This is a combination of two blatantly obvious (to those who are not clueless) issues that should not arise in a professional web application. Firstly is the ability to upload files of a certain type. Apache, for example, doesn't require PHP files to be marked as executable; it will simply run anything with a .php extension (or others depending on configuration) through the PHP parser. If there is no reason for a user to be able to upload files of this type, basic sanitization should be in place to prevent the upload of these file types, or, more easily, only allow files with permissible extensions to be uploaded. The second issue is related to basic site administration: unless there is need for direct access to the files, uploads should be located in a directory outside of the webroot, preventing direct access to (and possible execution of) these documents. If direct access is required, all external handlers should be disabled for that directory by the simple usage of a .htaccess file. This would mean that any uploaded scripts/executables would be treated in the same manner as a regular file, and be downloaded as opposed to 'run'.
In short, this was a very poorly designed web application. It didn't take into consideration any secure web development practices, such as Sanitization, Validation, Authorization and Limitation.
Unfortunately, in today's climate, every man and his dog is a web developer, and 99% of them are complete and utter idiots.
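The upload rules in the comment above (accept only the extensions the site needs, keep uploads outside the webroot, disable handlers where a directory must stay web-accessible), as added example code that is not from the original post. It goes one step beyond the comment by also refusing names where a script extension sits before the final one, because Apache's mod_mime considers every dot-separated segment; the extension lists, `UPLOAD_DIR` and the .htaccess text are assumptions of this example.

```python
import os
import secrets

# Extensions the application actually needs to accept; everything else is refused.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Extensions that Apache may hand to a script interpreter. Illustrative list
# (an assumption of this example); match it to the handlers your server enables.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}

# Storage directory outside the webroot (hypothetical path for this example).
UPLOAD_DIR = "/var/app/uploads"

# If a directory must stay web-accessible, the .htaccess the comment mentions
# tells Apache to serve every file as plain data rather than run it
# (assumes a mod_mime handler-based configuration).
HTACCESS_NO_HANDLERS = "SetHandler default-handler\nRemoveHandler .php .phtml\n"


def validate_upload_name(filename: str) -> str:
    """Return the permitted extension of `filename`, or raise ValueError.

    Apache's mod_mime looks at every dot-separated segment, so a name such as
    'shell.php.jpg' can still reach the PHP handler; it is refused even though
    its final extension is on the allowlist.
    """
    base = os.path.basename(filename.replace("\\", "/"))  # drop client-supplied path
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        raise ValueError("filename needs both a name and an extension")
    if parts[-1] not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension .{parts[-1]} is not permitted")
    if any(segment in SCRIPT_EXTENSIONS for segment in parts[1:-1]):
        raise ValueError("script extension embedded in filename")
    return parts[-1]


def is_allowed_upload(filename: str) -> bool:
    """Boolean form of validate_upload_name for policy checks."""
    try:
        validate_upload_name(filename)
        return True
    except ValueError:
        return False


def storage_path(filename: str) -> str:
    """Server-side path: random name plus the validated extension, under UPLOAD_DIR."""
    ext = validate_upload_name(filename)
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")
```

The random server-side name means the client never chooses the stored filename, so the extension is the only client-influenced part and it has already passed the allowlist.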
It's already been done, and for a fraction of the price ("free" in certain cases).
It features complete communications capability, phone, wireless, etc.
This one is affixed using gravity, but a circular elastic accessory (optional) can be purchased to allow a more flexible degree of positioning.
It currently uses a cut down version of windows, but can be adapted to run linux quite easily: http://www.mediaparty.com/wristcomputer.jpg
Best response ever. :D
Wish I had mod points
What is it with Slashdot and people consistently misspelling "Tequila"!
I would pull up some stats but the search seems broken?
Sorry dude, I don't understand the reasoning behind your highlighted (and misspelled) words.
I would assume they were directed at "Mensa Girl" and not myself, as they are typical of the garbage she has been spouting.
And yes, the misspelling of "grammar" was intentional..... honest....
No - what is hilarious is that the grammer nazi can't spell "intellectual".
Go crawl back under your rock.
Even more humorous is your spelling of Mensa.
I would assume you are not a member };-]
With all due respect to your post, but if he is avoiding spending a small fortune in tax, I for one would be interested in where the money is being spent. Especially as an earlier thread mentioned the scholarship fund receiving a grant for $1bn, yet only supporting 20 students...
Charities are the single-most publicised tax-dodge of them all.
I see - so this advertisement was only meant to target that demographic.
Boy, did they get that wrong.
I see - so you think a campaign to target a non-voting demographic is going to help....
To the small sample of the population I have asked - making a compilation from their CDs.
If you think that because you use Rhapsody, so does everyone else, then you are very much mistaken - there is a whole world of people out there (the majority) who don't use any form of online mechanism for purchasing their music.
As I said - this advertisement doesn't appeal to the mass market - it only seems to appeal to people like yourself. THAT is the problem.
That was exactly my point.
People will be thinking "HDTV? Digital Radio? How does that affect me?". Examples given should have been obviously relevant to what people are familiar with, otherwise it's pointless.
I have shown this clip to a few colleagues, and they just don't understand how these things affect them.
Talking about HDTV, mixing down from Digital Radio, and Digitizing commercial products for school projects is not the way to appeal to the mass consumer market.
Recording TV shows and making a favorites CD out of your music collection are more accessible principles to the mass market, and these are what should be highlighted.
Are you quite sure that your PC is high end? Even a high end "personal" Dell will play new games smoothly at default settings. I have a 2-year-old laptop that will as well.
Courtney Love can count?
What license is this released under - I don't seem to find any information anywhere...
Maybe we could reverse-engineer it, and use it as a plugin to take us to "red-flagged" sites!
rush "duke nukem" forever, when they blatantly haven't been doing so since the start?
My understanding was that they cannot guarantee an OSX compatible open source darwin kernel. Wouldn't this be more along the lines of a fork as opposed to being evil?
I have no idea what the parent is waffling on about. I feel so stupid - please mod me down :(