| |
| I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
Saturday Night Science: Drink 2 |
|
|
|---|
| Topic: Science |
8:20 pm EDT, Apr 7, 2007 |
1 shot peach vodka
1/2 shot peach schnapps
1/2 shot triple sec
fill with OJ
splash of grenadine Much smoother than drink #1. I can't tell if thats because my brain is feeling a little fuzzy and I wouldn't try to drive right now. The problem is while I can't taste the alcohol, the drink as a whole feels watered down. I think I'll halve the vodka next round |
|
Saturday Night Science: Drink 1 |
|
|
|---|
| Topic: Science |
7:52 pm EDT, Apr 7, 2007 |
Peach Martini Attempt 1: Well, the first problem is I don't have a martini glass. The closest thing I have is a red wine glass, while holds a lot more than a martini glass. Cest la via. 1 shot peach vodka
1 shot triple sec
1 shot peach schnapps
fill with orange juice
splash of grenadine. Results:
Whoa! harsh at first. I think a little less vodka. I'm about halfway done and my head is swimming. This is going to be a long night for a girlie drinking man. |
|
|
|---|
| Topic: Science |
7:48 pm EDT, Apr 7, 2007 |
Jill and I went to the Atlanta Fish Market last weekend on a $200 gift card I won back at the SPI Kickoff party in January. The food was excellent and they also had a lovely drink: A Peach martini! Jill and I had 4 between the two of us and needless got more than a little toasted. We asked different waiters and bartenders what was in in, and we kept getting different answers. However, most answers seemed to revolve around these ingredients: -Peach Vodka
-Peach Schnapps
-Triple Sec
-Orange Juice
-Cherry grenadine I have purchased these, and tonight will attempt to reverse engineer the drink, as I couldn't find the drink in Webtender. |
|
|
|---|
| Topic: Technology |
2:41 pm EDT, Apr 6, 2007 |
Here is a 22 minute webcast, containing a demo of Jikto and detailed discussions about how it works and why these types of attacks are possible. Jikto Webcast |
|
Virtual feds�visit Second Life casinos - CNN.com |
|
|
|---|
| Topic: Miscellaneous |
12:32 pm EDT, Apr 4, 2007 |
FBI investigators have visited Second Life's Internet casinos at the invitation of the virtual world's creator Linden Lab, but the U.S. government has not decided on the legality of virtual gambling.
So much about this quote amuses me. On a serious side, this begs the question when is "virtual crime" real crime? Is virtual gambling taxable? I would assume only if you can somehow get real money out of the game. Which leads us to eBay restricting the sale of online items or characters, the classic way people transfered money into the real world. I wonder if they'll start cracking down on all the "virtual" prostitution in SL. Virtual feds�visit Second Life casinos - CNN.com |
|
Facebook rolls out infinite session ids |
|
|
|---|
| Topic: Technology |
5:52 pm EDT, Apr 3, 2007 |
To improve the user experience for your application, we've added support for session keys that don't expire. This means that users will only have to log in to Facebook once
for your application.
... holy shit, you have to be kidding me. To take advantage of infinite sessions, your application should permanently store a user's session key and include it in method calls. You won't ever need to establish a new session on behalf of that user, unless the user explicitly logs out of your application. To see infinite sessions in action, check out the Facebook Exporter for iPhoto - once logged in to Facebook for the first time, users should never have to log in again.
Ok, follow the idiot bread crumbs here. First Facebooks turns down $800 million. Now they are just asking to get 0wn3d with their "infinite" sessions. I never thought I'd use the words "wet dream" and XSRF in the same sentence but this is a wet dream for anyone wanting to write a facebook XSS or XSRF worm. Make you wonder exactly how many bong hits did Mark Zuckerberg do at Harvard? Facebook rolls out infinite session ids |
|
|
|---|
| Topic: Technology |
5:30 pm EDT, Apr 3, 2007 |
I just recorded a webcast about Jikto, including a demo. I had to fix a number of bugs in the original (and leaked) code. Jikto now properly audits POST requests and flags on XSS and SQL Injection vulns. I also revamped the web interface, and photoshopped the Nikto logo (property of http://cirt.net) into one for Jikto. Here is a screen shot of Jikto. Demo is rendering on my laptop now, and should be up on SPI's website sometime tomorrow |
|
RIAA Lawsuit Decision Matrix |
|
|
|---|
| Topic: Society |
4:06 pm EDT, Apr 2, 2007 |
We have obtained secret documents which RIAA lawyers use to determine whether to file a lawsuit against a copyright violator. These documents give insight into the RIAA's decision-making process, and could help people avoid lawsuits in the future. We offer these documents as a public service.
RIAA Lawsuit Decision Matrix |
|
httpOnly :: Firefox Add-ons |
|
|
|---|
| Topic: Miscellaneous |
3:45 pm EDT, Apr 2, 2007 |
Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.
Awesome! Stefan Esser (of the Month of PHP mugs fame) continues to make excellent contributions to the web security space! Great job! httpOnly :: Firefox Add-ons |
|
