The page 27 - Dave's Blog


Web Security Contest - Stripe CTF

2012 Aug 27, 4:18

Stripe is running a web security capture the flag - a series of increasingly difficult web security exploit challenges. I've finished it and had a lot of fun. Working on a web browser, I knew the theory of these various web-based attacks, but this was my first chance to put theory into practice with:

  • No adverse consequences
  • Knowledge that there is a fun security exploit to find
  • Access to the server side source code

Here's a blog post on the CTF's behind-the-scenes setup, which has many impressive features, including phantom users that can be XSS/CSRF'ed.

I'll have another post on my difficulties and answers for the CTF levels after the contest is over on Wed, but if you're looking for hints, try out the CTF chatroom or the level specific CTF chatroom.

Tags: contest security technical

Say goodbye to these!

2012 Aug 24, 1:52





Tags: humor politics arrested-development

Gangnam Style looks like he’s riding a horse but actually...

2012 Aug 24, 1:29


Gangnam Style looks like he’s riding a horse but actually it’s satire.

Also, the making of video: http://youtu.be/9HPiBJBCOq8

Tags: humor music music-video video psy south-korea

IKEA's New Catalogs: Less Pine, More Pixels - WSJ.com

2012 Aug 24, 3:15

CGI for the IKEA catalog:

That couch catching your eye in the 2013 edition of IKEA’s new catalog may not be a couch at all. It is likely the entire living room was created by a graphic artist. In fact, much of the furniture and settings in the 324-page catalog are simply a collection of pixels and polygons arranged on a computer.

Tags: 3d photo graphics ikea

Alexandria 2.0: One Millionaire's Quest to Build the Biggest Library on Earth | Threat Level | Wired.com

2012 Aug 21, 7:00

Brief history and scope of the Internet Archive.

Tags: internet-archive history

Seized shirt! For the feds, it’s not enough to simply seize...

2012 Aug 17, 8:40


Seized shirt!

For the feds, it’s not enough to simply seize domain names without warning or due process—they want to make sure everyone knows the website operators were breaking the law, even if that has yet to be proven in court. That’s why every domain that gets seized ends up redirecting to one of these dramatic warning pages, replete with the eagle-emblazoned badges of the federal agencies involved.

Tags: humor law ip fbi legal shirt tshirt

A New Species Discovered ... On Flickr (npr.org)

2012 Aug 11, 9:17

Winterton, a senior entomologist at the California Department of Food and Agriculture, has seen a lot of bugs. But he hadn’t seen this species before.

There’s no off switch when you’re the senior entomologist. If you’re browsing the web you find your way to Flickr photos of insects or start correcting Wikipedia articles on insects.

Tags: flickr insect science photos

Decrypt.py: Act like a decrypting hacker on tv (github.com)

2012 Aug 8, 3:34

A python script that d3crypt5 the input pipe’s ASCII content from ASCII garbage slowly into the correct output.

Tags: technical humor hack decrypt

wired: jtotheizzoe: Meet Sarcastic Mars Rover, now on Twitter,...

2012 Aug 7, 5:57










wired:

jtotheizzoe:

Meet Sarcastic Mars Rover, now on Twitter, doing a science all over your everything.

Meet your new twitter friend.

Tags: humor mars rover science

Nanex ~ 03-Aug-2012 ~ The Knightmare Explained

2012 Aug 6, 4:29

We believe Knight accidentally released the test software they used to verify that their market making software functioned properly, into NYSE’s live system.

I get chills breaking the build at work. I can’t imagine how much worse it would feel to deploy your test suite and destroy the company you work for.

Tags: money stock knight software trading technical

(via Pareidoloop) “Phil McCarthy’s Pareidoloop...

2012 Aug 6, 4:11


(via Pareidoloop)

“Phil McCarthy’s Pareidoloop overlays randomly generated polygons on top of one another until facial recognition software recognizes a human face. Can’t sleep, at SIGGRAPH! [via @Brandonn]”

Tags: technical images facial-recognition siggraph

The Netflix Tech Blog: Chaos Monkey released into the wild

2012 Jul 30, 3:49

Chaos Monkey randomly kills your Amazon Web Services VMs, increasing the failure rate and forcing your web service to deal with it.

Tags: technical programming web amazon netflix

This Week in Review: Reddit and news orgs’ shooting coverage, and Yahoo and Twitter’s identities » Nieman Journalism Lab

2012 Jul 28, 2:37

Link roundup and summary of Reddit and traditional news coverage of the Aurora shooting.

Tags: reddit news

Newsroom: Miscellaneous: New Online Tool Gives Public Wider Access to Key U.S. Statistics

2012 Jul 28, 2:35

The U.S. Census Bureau today released a new online service that makes key demographic, socio-economic and housing statistics more accessible than ever before. The Census Bureau’s first-ever public Application Programming Interface (API) allows developers to design Web and mobile apps to explore or learn more about America’s changing population and economy.

Tags: technical api census statistics stats web restful rest

I'm an American and I want to watch the Olympics. What do I do? (iamnotaprogrammer.com)

2012 Jul 28, 12:05

One person's quest to watch the Olympics online.

The location requirements (guessed at via IP address) are irritating. The requirement that you have a particular cable subscription to view video online seems like not network neutrality.

Also this related article:

http://techcrunch.com/2012/07/27/nbc-olympic-opening-ceremony/

Tags: olympics video internet web

Windows Executable Walkthrough Graphic (corkami.com)

2012 Jul 19, 5:58

Breakdown of the bytes of a Windows executable in a big old chart!

Tags: technical windows programming

paulscheer: Paul Scheer and Adam Scott trolling Comic...

2012 Jul 17, 3:48






paulscheer:

Paul Scheer and Adam Scott trolling Comic Con

Yup…This Happened!

And the video:

http://www.youtube.com/watch?v=B1lyRA8IRgQ#t=1m29s

Tags: humor comic-con paul-scheer adam-scott

Everybody hates Firefox updates - Evil Brain Jono's Natural Log

2012 Jul 16, 1:59

Former Firefox developer on the switch to their continuous update cycle.

Oh no, Chrome is doing such-and-such; we’d better do something equivalent or we’ll fall behind! We thought we needed a rapid update process like Chrome. We were jealous of their rapid update capability, which let them deploy improvements to users continuously. We had to “catch up” with Chrome’s updating capability.

Dealing with servicing on IE for years had led me to some of the same thoughts when I heard Firefox was switching to continuous updates.

Tags: firefox via:ericlaw web-browser technical web browser servicing update software

laughingsquid: The Universe Gets Its Own Twitter Account &...

2012 Jul 14, 3:47


laughingsquid:

The Universe Gets Its Own Twitter Account & Humorously Responds When Mentioned

Tags: humor twitter

fontBomb - Stylishly destroy the web

2012 Jul 6, 6:20

Bookmarklet that lets you drop cartoon-style black spherical bombs that send the text on any page flying.

Tags: humor web bookmarklet bomb