Super cool 'astroids' bookmarklet

[iago]

This is too awesome:
http://erkie.github.com/

[MyndFyre]

+1 +20

[Sidoh]

hahahahaha, this is great.  thanks for sharing.

[Towelie]

bookmarked that thing lol

[Joe]

Doesn't work on iPad.

[dark_drake]

This is too awesome:
http://erkie.github.com/

After bookmarking it, I proceeded to destroy all my webpages. I was then forced to reload them to kill them once more. Thanks for sharing.

[nslay]

You should make one that spawns 10 mouse pointers each moving in the same direction as the real one but far enough apart that the user may have to bruteforce to figure out which one is the real one.

[iago]

My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

[Sidoh]

mmmmm... cookies

[MyndFyre]

My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

Good sites use HTTP-only cookies.

[iago]

My concern about this is that you're loading a script file from some guy's site into the context of a bunch of your own sites. If you aren't checking the script file carefully, that can be dangerous. He can take actions on your behalf, log keystrokes, steal cookies, etc.

Good sites use HTTP-only cookies.

HTTP-only cookies are good, but they don't prevent cross-site request forgery-style attacks. As soon as you can run javascript code on another site, you can take any actions you want on the user's behalf (except for captcha-protected stuff and places where the user is forced to type in their password like change password pages). Standard XSRF defenses don't work if you can run javascript code in the context of the site.

[nslay]

I bet you could make a javascript letter detector for captchas easily ... might be really slow though.  Face detectors are pretty easy to make.

A lot of captchas are cracked by 20 year old code by HP ... breaking captchas is very doable.  I still think captchas should randomly collage various objects together and query the user to input the largest/smallest object's name.  Object detection and recognition is still a hard problem to solve.

[iago]

True, but captchas raise the bar significantly.

The easiest way, really, is to get the user himself to fill in the captcha with some kind of pretext.

[Towelie]

I bet you could make a javascript letter detector for captchas easily ... might be really slow though.  Face detectors are pretty easy to make.

A lot of captchas are cracked by 20 year old code by HP ... breaking captchas is very doable.  I still think captchas should randomly collage various objects together and query the user to input the largest/smallest object's name.  Object detection and recognition is still a hard problem to solve.

I agree, a bunch of pictures asking which one is X would be perfect