Author Topic: Super cool 'astroids' bookmarklet  (Read 5316 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Super cool 'astroids' bookmarklet
« on: October 03, 2010, 08:52:31 pm »
This is too awesome:
http://erkie.github.com/

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: Super cool 'astroids' bookmarklet
« Reply #1 on: October 04, 2010, 01:52:29 am »
+1 +20
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Super cool 'astroids' bookmarklet
« Reply #2 on: October 04, 2010, 03:29:28 am »
hahahahaha, this is great.  thanks for sharing. :)

Offline Towelie

  • pwnstar
  • x86
  • Hero Member
  • *****
  • Posts: 4873
    • View Profile
Re: Super cool 'astroids' bookmarklet
« Reply #3 on: October 04, 2010, 04:17:42 pm »
bookmarked that thing lol

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Super cool 'astroids' bookmarklet
« Reply #4 on: October 05, 2010, 03:09:17 am »
Doesn't work on iPad. :(
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline dark_drake

  • Mufasa was 10x the lion Simba was.
  • x86
  • Hero Member
  • *****
  • Posts: 2440
  • Dun dun dun
    • View Profile
Re: Super cool 'astroids' bookmarklet
« Reply #5 on: October 06, 2010, 01:31:33 pm »
This is too awesome:
http://erkie.github.com/
After bookmarking it, I proceeded to destroy all my webpages. I was then forced to reload them to kill them once more. :) Thanks for sharing.
errr... something like that...

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: Super cool 'astroids' bookmarklet
« Reply #6 on: October 06, 2010, 04:36:31 pm »
You should make one that spawns 10 mouse pointers each moving in the same direction as the real one but far enough apart that the user may have to bruteforce to figure out which one is the real one.
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Super cool 'astroids' bookmarklet
« Reply #7 on: October 06, 2010, 05:31:50 pm »
My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Super cool 'astroids' bookmarklet
« Reply #8 on: October 06, 2010, 10:54:48 pm »
mmmmm... cookies

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: Super cool 'astroids' bookmarklet
« Reply #9 on: October 07, 2010, 03:12:56 am »
My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

Good sites use HTTP-only cookies.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Super cool 'astroids' bookmarklet
« Reply #10 on: October 07, 2010, 09:01:05 am »
My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

Good sites use HTTP-only cookies.
HTTP-only cookies are good, but they don't prevent cross-site request forgery-style attacks. As soon as you can run javascript code on another site, you can take any actions you want on the user's behalf (except for captcha-protected stuff and places where the user is forced to type in their password like change password pages). Standard XSRF defenses don't work if you can run javascript code in the context of the site.


Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: Super cool 'astroids' bookmarklet
« Reply #11 on: October 07, 2010, 12:45:03 pm »
I bet you could make a javascript letter detector for captchas easily ... might be really slow though.  Face detectors are pretty easy to make.

A lot of captchas are cracked by 20 year old code by HP ... breaking captchas is very doable.  I still think captchas should randomly collage various objects together and query the user to input the largest/smallest object's name.  Object detection and recognition is still a hard problem to solve.
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Super cool 'astroids' bookmarklet
« Reply #12 on: October 07, 2010, 12:47:02 pm »
True, but captchas raise the bar significantly.

The easiest way, really, is to get the user himself to fill in the captcha with some kind of pretext. :)

Offline Towelie

  • pwnstar
  • x86
  • Hero Member
  • *****
  • Posts: 4873
    • View Profile
Re: Super cool 'astroids' bookmarklet
« Reply #13 on: October 21, 2010, 08:39:06 pm »
I bet you could make a javascript letter detector for captchas easily ... might be really slow though.  Face detectors are pretty easy to make.

A lot of captchas are cracked by 20 year old code by HP ... breaking captchas is very doable.  I still think captchas should randomly collage various objects together and query the user to input the largest/smallest object's name.  Object detection and recognition is still a hard problem to solve.
I agree, a bunch of pictures asking which one is X would be perfect