Monthly Archives: March 2012

JavaScript LAN scanner / CSRF demo

I wrote a JavaScript LAN scanner: http://sam.nipl.net/code/lan-scan/ It is not at all cutting-edge, just a friendly demo of Cross Site Request Forgery. The Firefox NoScript extension has a component called ABE, which can help.

Posted in Uncategorized | 2 Comments

Not secure, will Fail. How to stop CSRF exploits? TLDR edition

How to stop CSRF exploits? What changes to the HTTP protocol spec, and to browser behaviour, would be required to prevent dangerous cases of cross-site request forgery? I am not looking for suggestions as to how to patch my own … Continue reading

Posted in Uncategorized | 1 Comment

Not secure, will Fail. How to stop CSRF? (cross-site request forgery)

Dear Lazyweb, sanity check this for me? Many web pages load resources from other sites, such as images, scripts, etc.  This is useful, and fairly harmless.  However, all popular browsers send any cookies and http-auth headers along with those cross-site … Continue reading

Posted in Uncategorized | 2 Comments

idea for a simpler web template system

I made a simple web template system.  I will describe here, in case someone will like it. A template contains sample content, it doubles as a mockup.  Data can be bound to any HTML container with a new attribute, ‘v’.  … Continue reading

Posted in Uncategorized | 2 Comments

warn of fsck ‘coming soon’

My laptop runs Debian with an ext3 root filesystem. Every 27 boots or so it gets stuck doing an fsck for maybe 10 minutes… This can be inconvenient! So I wrote a little script which checks if an automatic fsck … Continue reading

Posted in Uncategorized | 2 Comments