
Out of the Dark

I think I figured out how to get my RSS posts to show up on Facebook as well as btraut.com. I’ve also managed to integrate Twitter with Facebook. Facebook Connect even suckered me into posting stories about Digg, Last.fm, YouTube, del.icio.us and Hulu.

Tetris H4x0ring

Yes, this school year has certainly been as busy as always. I occasionally do find time for recreation, though. In this case, I speak of competitive Tetris (of course).

I was recently playing Block Star (Tetris Tournament), a horrifically addicting Facebook application in which players play Tetris and compare high scores with friends and users worldwide. While playing, I was delighted to find that I had broken my previous high score. Unfortunately, Comcast internet is as reliable as bridges in Minneapolis, and chose to fail right when I needed it most. My high score was not submitted. Most people at this point would just curse and move on with their day, but being a web designer and Facebook application developer, I figured I’d investigate a bit more. I wanted to figure out how the application communicated with the high scores database. Needless to say, I figured it out, and even managed to boost my high score even farther:

Tetris High Score Board

The high score has since been taken down by the developer, but not before I messaged him and explained how I exploited his application’s vulnerability. To all you web developers out there - make sure you verify all user information, even if it’s a POST request coming from an AJAX call. If a user can break it, they probably will.

It’s fun to be #1 in the world sometimes…
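One way to apply the advice above on the server side, as an added example that is not part of the original post and not the Block Star developer's code: the server times each game itself, accepts one submission per game, and rejects scores the game could not have produced. The class and field names and both limits are assumptions.

```python
import secrets
import time

# Assumed game limits (hypothetical; derive real ones from the scoring rules).
MAX_POINTS_PER_LINE = 1200   # assumed best-case points per cleared line
MAX_LINES_PER_SECOND = 2.0   # assumed fastest possible line-clear rate

class ScoreBoard:
    """Server-side state: games are created and timed by the server only."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}      # session_id -> (user_id, start_time)
        self.high_scores = {}    # user_id -> best accepted score

    def start_game(self, user_id):
        """Issue an unguessable, single-use session id when a game begins."""
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (user_id, self._clock())
        return session_id

    def submit(self, user_id, form):
        """Validate an untrusted POST body (dict of strings).

        user_id must come from the authenticated login, never from the form.
        Returns (accepted, reason).
        """
        # pop() makes the session single-use, so a captured request cannot be replayed.
        session = self._sessions.pop(form.get("session_id"), None)
        if session is None:
            return False, "unknown or already used session"
        owner, started = session
        if owner != user_id:
            return False, "session belongs to another user"
        try:
            score, lines = int(form["score"]), int(form["lines"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed fields"
        if score < 0 or lines < 0:
            return False, "negative values"
        elapsed = self._clock() - started
        if lines > elapsed * MAX_LINES_PER_SECOND:
            return False, "more lines than the elapsed time allows"
        if score > lines * MAX_POINTS_PER_LINE:
            return False, "score exceeds what the cleared lines can earn"
        self.high_scores[user_id] = max(score, self.high_scores.get(user_id, 0))
        return True, "accepted"
```

Checks like these only bound what a hand-built request can claim; a server that needs exact scores has to recompute them from the moves the client reports.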

Link of the Day - 8/24/07

Alright kids, it’s been a while. I realize this feature barely has the right to be called “Link of the Month” let alone “Day”, but I promise today’s link is awesome. It’s a Risk-style game by the name of Dice Wars. You get so many dice based on the number of territories you control, and can take other territories by rolling a higher number with your dice. Simple. Veni vidi vici!

Going Washington Postal

I got an interesting call today. It was from Brian Krebs of Washington Post’s own “Security Fix” blog. Brian wanted some information about my old Safari-killing JavaScript clip originally featured on Drunken Blog. He’s currently putting together an article on major bugs Apple encountered in the last year or two. I’ll post a link to the article when it comes out.

For those of you that aren’t familiar with my JavaScript clip, here’s the background I gave Brian:

I originally found the bug on Torrent-Finder.com. It allows you to search several BitTorrent sites in an iframe-like environment. For some reason, one of the particular sites always caused Safari to crash. I used Firefox to grab the page source and whittled it down to the few hostile lines. I called my file “killsaf.html”. The creation date on it (attached) is Jan 20, 2006. I remember after I found it, I was unaware of how to submit it to Apple other than the “Your program has unexpectedly quit — would you like to send a report to Apple” dialog. I did submit this dialog at least once with a link to my script (btraut.com/killsaf.html at the time) shortly after I found it. I can’t give you an exact date on that, but I would expect a week or two after the creation date. A while passed and I heard nothing.

On March 30, 2006 I found Drunken Blog’s post Deja-Doom explaining the image exploit to take down WebKit. You can still see my post in the comments section with a link. On April 11, Batman messaged me via AIM and asked if he could use my name in his article (which was posted the following day).

This issue was finally fixed in the following patch pushed out by Apple via Software Update, Security Update 2006-004, on August 1, 2006.

I should also note that while this exploit crashed Safari, which is unexpected behavior and can legitimately be deemed an exploit, I have no idea whether it could be used to execute any malicious code.

I’ve since reposted the “killsaf.html” script. It doesn’t work anymore, but you can still take a look.

Link of the Day - 5/12/07

Once again I leave you in control of a small box in a land of other dangerous boxes. This time they can (and will) touch you, but not in your best interest. Your box needs to stay away from the cliff face while they try to push you off. See if you can beat 3249.




Copyright 2005-08 © Brent Traut