hiring
Posted Saturday 28th March 2009 16:57 GMT
I wonder if Chuck can code...an ideal site admin methinks
Posted Friday 27th March 2009 23:49 GMT
Very slick. NoScript and Adblock were of no help there.
Posted Saturday 28th March 2009 16:57 GMT
...someone should use this to add a Rick Astley documentary to people's Netflix queues... Assuming there is one. There's gotta be, right?
Posted Saturday 28th March 2009 16:57 GMT
Just when I forgot that the web is pants, someone reminded me! Just in the nick of time, too. I was about to trust a load of websites with my naked pictures.
Posted Sunday 29th March 2009 00:18 GMT
When someone exploits a vulnerability that steals your passwords, edits your details and finishes off by roundhouse kicking your monitor through a window, then, and only then, will they be entitled to use the Chuck Norris analogy.
Posted Sunday 29th March 2009 17:35 GMT
I have Netflix in my "trusted zone" and of course the demo page is not in my trusted zone, so it doesn't work. So that's what "zones" are for ;)
Posted Sunday 29th March 2009 21:21 GMT
Seems I was wrong, the "trusted zones" approach DID NOT protect against this. Oh well.
Posted Monday 30th March 2009 08:49 GMT
...how you could mess with the stats!
And this week's No 1 film (by popular demand) is: Ishtar!
Posted Monday 30th March 2009 08:49 GMT
Now that's some serious inventiveness. Well done on him, and now we'll soon see what's needed to plug the holes properly.
Posted Monday 30th March 2009 08:49 GMT
I got a notification that I was not in the US.
Does anyone know if it works across browser instances?
Posted Monday 30th March 2009 13:49 GMT
"When someone exploits a vulnerability that steals your passwords, edits your detail"
You missed out "just with his teeth".
Posted Monday 30th March 2009 13:56 GMT
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
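The two server-side checks raised in the comment above (HTTP method and referrer), sketched as an added example that is not part of the original thread or of any site's real code. The site origin `movies.example`, the route names and the sample requests are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical site and routes, chosen only for this illustration.
SITE_ORIGIN = ("https", "movies.example")
STATE_CHANGING = {"/queue/add", "/account/update"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Return (scheme, host[:port]) of an absolute URL, else None."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return (parts.scheme.lower(), parts.netloc.lower())


def check_request(method, target, headers):
    """Return (allowed, reason) for one incoming request."""
    if urlsplit(target).path not in STATE_CHANGING:
        return True, "read-only route"
    # Check 1: images and redirects can only issue GET, so a state
    # change asked for with a safe method is refused outright.
    if method.upper() in SAFE_METHODS:
        return False, "state change via " + method.upper()
    # Check 2: compare the whole origin, not a string prefix, so that
    # https://movies.example.other.test/ does not pass. A missing
    # Referer is refused too (a strict policy, assumed for this example).
    referer = {k.lower(): v for k, v in headers.items()}.get("referer")
    if origin_of(referer) != SITE_ORIGIN:
        return False, "missing or cross-site Referer"
    return True, "same-site " + method.upper()


# Constructed sample requests: (method, target, headers).
SAMPLES = [
    ("GET", "/queue/add?movie=1", {"Referer": "https://demo.example/"}),
    ("POST", "/queue/add", {"Referer": "https://demo.example/"}),
    ("POST", "/queue/add", {}),
    ("POST", "/queue/add", {"Referer": "https://movies.example/browse"}),
]

if __name__ == "__main__":
    for method, target, headers in SAMPLES:
        print(method, target, headers, "->", check_request(method, target, headers))
```

The second sample is a POST that still arrives from another site, which is why the Referer comparison is kept alongside the method check.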
Posted Tuesday 31st March 2009 10:21 GMT
"While his exploits amount to little more than pranks, they point to the very sobering realization that the net isn't a very secure place."
Hi Dan,
Welcome to 1995, the year when everyone else already figured this out.
By sobering realization I can only assume you mean you've been too drunk to notice the net is inherently insecure for the last 14 years.