
Tag: Willamette


On November 8th, 2008

Checking Back In

Here's Johnny!

So it's been about six months since I last took the time to update my blog - though in the meantime I've redesigned how comments are submitted to better fend off the horde of spammers. Just today I've started receiving waves of spam URL comments which appear to be from stanford.edu - but are in fact exploiting a redirection security flaw in one of their web pages to make a bunch of porn sites appear legitimate. I've notified the webmaster; we'll see if they do anything about it.

So what have I been up to for the past several months? Well, I've been back at Willamette for about two months now, pursuing my Computer Science degree and doing my level best to wreak havoc on the school's network. I've been trying to set up an FTP-based file sharing service on campus, though as yet I haven't found a good FTP crawler / indexer, so suggestions would be awesome. In about two weeks I'll be heading up to Eugene to participate in the ACM's ICPC programming competition - maybe I'll be inspired to write something about the tournament - we'll see.


Posted in: Digital Gemstones, Willamette

On January 1st, 2008

Stealing Cookies

No, Not Like The Cookie Monster

After reading an article about stealing cookies using user-built webpages in subdirectories (not subdomains) of a website, I immediately thought of the personal webpages Willamette allows you to set up at willamette.edu/~username/ as a student. A website which didn't take such risks into consideration would allow any user of the system with a personal page to capture all the cookie data the real website is using, most notably PHP Sessions. Sadly, Willamette uses HTTP authentication instead of cookie- or Session-based authentication, so (at present) I can't capture anything of value. The only cookies I've so far seen willamette.edu set are cookies for Google Analytics. So at the moment Willamette seems to triumph over this particular hack, but there are countless schools out there which allow users to create their own webpage under the school's domain name with PHP, so I thought I'd let you all have a go at snagging the cookies of hapless visitors to your school's website.
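For a site operator checking whether this applies to them, the following added example (not code from the original post) applies the RFC 6265 path-match rule to a site's Set-Cookie headers and reports which cookies a browser would also send to a page under /~username/. The function names, the default user-page path and the sample headers are constructed, and it assumes a cookie with no Path attribute defaults to "/".

```python
from http.cookies import SimpleCookie


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does a request path fall under a cookie path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/portal" must not match "/portalx"; a "/" boundary is required.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def audit(set_cookie_headers, user_page="/~username/index.php", default_path="/"):
    """Map each cookie name to how exposed it is to a same-host user page."""
    findings = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            cookie_path = morsel["path"] or default_path  # assumption: default "/"
            if not path_match(user_page, cookie_path):
                findings[name] = "not sent to user pages"
            elif morsel["httponly"]:
                # HttpOnly hides the cookie from JavaScript only; a server-side
                # script (e.g. PHP) in the user directory still receives it.
                findings[name] = "sent to user pages; hidden from client script only"
            else:
                findings[name] = "sent to user pages; readable by client script too"
    return findings


# Constructed sample headers, as a main site on the shared hostname might send.
SAMPLE_HEADERS = [
    "PHPSESSID=constructed123; Path=/",
    "prefs=dark; Path=/; HttpOnly",
    "portal_sid=constructed456; Path=/portal; HttpOnly; Secure",
]

if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: {finding}")
```

A narrow Path keeps the cookie out of requests to user pages, but the Path attribute is not a strong isolation boundary between content on the same host, so serving user pages from a separate hostname is the more robust fix.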


Posted in: Blog, Cookies, Security, Willamette