An observation on Facebook security

What's that, Google Chrome? You say stuff on this page isn't all secure? If that's true, I've got some requests going through in plaintext. Requests with my session cookie in them. Facebook couldn't be so sloppy, I've gotta consult with my buddy Wireshark. BRB

Well hello there, little fella. Facebook is transmitting unsecured images on secure pages.
Well wow. That just happened. Uh, Facebook, it's getting kinda awkward, I think I'm gonna call it a night.
Just out of curiosity, I wonder what image that was...

F... Flixter? Of course! The Facebook apps! The weakest security point on Facebook! Checking the other images, sure enough, they are third party Facebook app icons.

Mwahahaha, I have found a huge hole in Facebook. I can see it now, someone will write a Facebook "virus" that collects cookies through malicious images, and automatically connects to sessions server-side and harvests accounts by the millions.
Hey wait. I'm back at the home screen of www.new.facebook.com, and I'm not even in HTTPS mode.
Oh.
The entire new Facebook is completely unsecured. They aren't even trying. Dorm kids are probably already hijacking each other's accounts as we speak; in fact, they're so over it by now.
The lesson of the day: If you never try, you can never fail!
that or you always fail...
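As an added defensive check (not part of the original post), here is a small auditor for the situation described above: it parses an HTTPS page's HTML for http:// subresources and reports which of them would carry a session cookie in plaintext, i.e. where the cookie lacks the Secure attribute and its domain matches the plaintext host. The HTML, cookie header and cookie domain are constructed sample values, not Facebook's.

```python
"""Audit an HTTPS page for http:// subresources that would carry a session
cookie in the clear. Sample HTML, cookie and domain below are constructed."""
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Tag/attribute pairs the browser fetches automatically while rendering.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

SAMPLE_HTML = """<html><body>
<img src="https://static.example.com/logo.png">
<img src="http://static.example.com/app-icon.gif">
<img src="http://cdn.example.net/other-app.gif">
<script src="//static.example.com/app.js"></script>
</body></html>"""


class SubresourceCollector(HTMLParser):
    """Collect every URL the page makes the browser request."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.urls.append(value)


def cookie_domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    cookie_domain, host = cookie_domain.lstrip(".").lower(), host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def find_cookie_leaks(html, set_cookie, cookie_domain):
    """Return http:// subresource URLs to which the cookie would be attached in
    plaintext. cookie_domain stands in for the cookie's Domain attribute
    (an assumption; the sample header does not set one)."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    # A cookie carrying the Secure attribute is never sent over plain HTTP.
    if all(morsel["secure"] for morsel in jar.values()):
        return []
    collector = SubresourceCollector()
    collector.feed(html)
    return [
        url for url in collector.urls
        if urlparse(url).scheme == "http"
        and cookie_domain_matches(urlparse(url).hostname or "", cookie_domain)
    ]
```

Protocol-relative URLs (`//host/...`) inherit the page's https scheme and are therefore not flagged; a third-party host outside the cookie domain is a mixed-content warning but does not leak this cookie.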
Apple puts the lid on free-for-all iTunes artwork, again
I hope you album art addicts out there went on a rampage for these few weeks iTunes turned off their album art authentication, because they just flipped the switch back to the "on" position. I guess you can go back to cracking their encryption now!
Oh well. There is always Def.
But now I really need a UK iTunes account so I can go back to the [Drag to iTunes] + [.ITC + BitmapRip] method for the bigger UK copies of the art Def can't get.
Would anyone in the UK care to buy me a £5 gift certificate so I can make a UK iTunes account? :) That is the only way to do it without a UK billing address on your credit card. And yes, it has to be bought from a legitimate UK iTunes account. Trust me, I've poked!
27 Sep 07

A year later, Apple stops encrypting artwork. Def.
A year ago, Apple began encrypting their iTMS artwork to prevent non-iTunes users from accessing it. It worked pretty darn well. A year later, they suddenly have stopped encrypting artwork. Maybe they caught wind of my secret project? (more below) In addition to removing encryption, they have upped the resolution of their artwork to up to the full 1500x1500 that the press gets access to, in a move I've predicted for some time now. Most albums I have checked are still much lower resolution than that, but that may change in time.
Example: 900x900 / The Go! Team - Proof of Youth (straight off of phobos)
And with that, I'd like to give a little gift to anyone who still checks a blog that hasn't been updated in almost a year.
Def
You may have noticed that my posts stopped when the quest for iTunes artwork came to a halt. Well, my quest for giant artwork never did. Around the time I stopped posting, I began exploring the world of press assets. For about 10 months I explored every secret corner of the internet, in search of these press assets. Ultra high resolution album artwork. Through the use of some custom tools and del.icio.us, I compiled a large collection of insider/private/public sites that PR firms, labels, and members of the press use to distribute pre-print high def artwork.
Jump to July, I began molding this press collection into a web app to streamline my giant cover grabbing process. Now that it might be on the verge of becoming obsolete, I'd like to show you my creation that I've been keeping from the world. I have a way to access the same print quality high resolution artwork that is given to members of the press.
I call it Def.
Enjoy, but keep it to yourself. Do not post Def to digg/reddit etc, or it will be shut down. By me. Because otherwise, it will be by THEM.
[EDIT: Did I forget to stress how big of a deal it is that iTunes Store got high res artwork? I just got a 3709x3709 cover for Prefuse 73 - Extinguished: Outtakes from the UK iTunes Store, which seems to have much bigger art than the US Store. Warp Records press assets are generally hard to come by, this is huge. ]
17 Sep 07

Telekinesis
requirement 1: brain interface
requirement 2: nano machines that can fly and work together to lift things thousands of times their size
In 40 years, I WILL move things with my mind.
27 Oct 06

IM threads (concept)
You've been there: you're talking to someone about multiple things at once and having trouble keeping track of the topics. Enter IM threads. A way to physically separate the different things you're talking to someone about so you don't lose track and forget about them.
I'm using the term "threads" in the sense of threads in a forum. A different thread for each topic.
Implementation:
Normal client view:
"(2:01 PM) marv: [halloween] what are you going to be for halloween?"
"(2:04 PM) marv: [project] the four ducks need to be emphasized more."
"(2:05 PM) elephantjones: [project] why?"
"(2:05 PM) elephantjones: [halloween] I dunno"
Every "halloween" message would be in the same tab, or be color coded, or ___
Every "project" message would be in a different tab, or different color, or ____
IM threads view:
[[halloween]]
"(2:01 PM) marv: what are you going to be for halloween?"
"(2:05 PM) elephantjones: I dunno"
[[project]]
"(2:04 PM) marv: the four ducks need to be emphasized more."
"(2:05 PM) elephantjones: why?"
The beauty of this method of implementation is that it can be manually typed by someone without the proper plug-in. Thus the backwards compatibility.
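As an added illustration (not part of the original post), here is a parser that turns the "normal client view" lines above into the threads view: it splits each line into time, sender, optional `[tag]` and text, groups messages by tag in order of first appearance, and, as an assumption the post does not make, files untagged lines under a "general" thread so plain clients without the plug-in still fit.

```python
"""Group '[tag]'-prefixed IM lines into per-topic threads (constructed sample)."""
import re

# Normal client view: the post's sample exchange plus one untagged line
# (constructed) to exercise the fallback thread.
NORMAL_VIEW = [
    "(2:01 PM) marv: [halloween] what are you going to be for halloween?",
    "(2:04 PM) marv: [project] the four ducks need to be emphasized more.",
    "(2:05 PM) elephantjones: [project] why?",
    "(2:05 PM) elephantjones: [halloween] I dunno",
    "(2:06 PM) marv: brb",
]

# "(time) sender: [tag] text" where the bracketed tag is optional.
LINE_RE = re.compile(
    r"^\((?P<time>[^)]+)\)\s+(?P<sender>[^:]+):\s+"
    r"(?:\[(?P<tag>[^\]]+)\]\s*)?(?P<text>.*)$"
)
DEFAULT_THREAD = "general"  # assumed home for untagged messages


def split_threads(lines):
    """Map thread tag -> list of messages with the tag stripped, keeping
    both thread order (first appearance) and message order within a thread."""
    threads = {}  # dict preserves insertion order
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised IM line: {line!r}")
        tag = (m.group("tag") or DEFAULT_THREAD).strip().lower()
        msg = f"({m.group('time')}) {m.group('sender')}: {m.group('text')}"
        threads.setdefault(tag, []).append(msg)
    return threads


def render_threads(threads):
    """Render in the post's threads view: a [[tag]] header, then its messages."""
    out = []
    for tag, msgs in threads.items():
        out.append(f"[[{tag}]]")
        out.extend(msgs)
    return "\n".join(out)


if __name__ == "__main__":
    print(render_threads(split_threads(NORMAL_VIEW)))
```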