Comments on: Political party websites revisited http://coda.co.za/blog/2006/01/16/political-party-websites-revisited dress up. leave a false name. be legendary. Fri, 13 Jan 2012 02:30:43 +0200 http://wordpress.org/?v=2.9 hourly 1 By: Est http://coda.co.za/blog/2006/01/16/political-party-websites-revisited#comment-1166 Est Tue, 17 Jan 2006 13:01:46 +0000 http://coda.co.za/blog/2006/01/16/political-party-websites-revisited#comment-1166 Hmmm, interesting. Just one thing though, on the not-so-technical side of electioneering...i've thought quite a lot about the ID, 'cause I don't feel I could vote ANC with a clean conscience, and don't think I'm far enough down the cynical whitie-road to vote DA either, but reading an interview with their mayoral candidate for Cape Town, Simon Grindrod, in last week's Mail&Guardian really changed my mind. I might be convinced to vote for De Lille (tho' I didn't last election due to her ridiculous number of campaign faux pas'es - or whatever the plural is), but he sounds like a complete twat (go to http://www.mg.co.za/articleList.aspx?area=/insight/insight__national/, but you have to be a subscriber...) Hmmm, interesting. Just one thing though, on the not-so-technical side of electioneering…i’ve thought quite a lot about the ID, ’cause I don’t feel I could vote ANC with a clean conscience, and don’t think I’m far enough down the cynical whitie-road to vote DA either, but reading an interview with their mayoral candidate for Cape Town, Simon Grindrod, in last week’s Mail&Guardian really changed my mind. I might be convinced to vote for De Lille (tho’ I didn’t last election due to her ridiculous number of campaign faux pas’es – or whatever the plural is), but he sounds like a complete twat (go to http://www.mg.co.za/articleList.aspx?area=/insight/insight__national/, but you have to be a subscriber…)

]]> By: juan/opyate http://coda.co.za/blog/2006/01/16/political-party-websites-revisited#comment-1165 juan/opyate Tue, 17 Jan 2006 01:48:58 +0000 http://coda.co.za/blog/2006/01/16/political-party-websites-revisited#comment-1165 Hi Coda! On hacking sites - you would think that even the Big Boys play the game right. 5 years ago I found a hole in MWeb's MySite system. You can utilise any of your fellow MWeb subscribers' 20MB webspace provided you are an MWeb subscriber and you are logged in (luckily they got the session thing right). The system could be fooled by substituting another username (in this case hidden form variable, a big no-no for senitive data) before POSTing. Googling for "@mweb.co.za" yielded a bunch of usernames. Multiply that by 20MB and you have a considerable amount of free storage. This was pre-2GB GMail, hence a welcome prospect. But, I was (am!) a good boy, so I let them know ;-) And then there's the countless SQL-injectable sites, badly chosen passwords and gullible telephone support staff... fun fun fun. Like that time I hacked RAU University... Hi Coda!

On hacking sites – you would think that even the Big Boys play the game right. 5 years ago I found a hole in MWeb’s MySite system. You can utilise any of your fellow MWeb subscribers’ 20MB webspace provided you are an MWeb subscriber and you are logged in (luckily they got the session thing right). The system could be fooled by substituting another username (in this case hidden form variable, a big no-no for senitive data) before POSTing. Googling for “@mweb.co.za” yielded a bunch of usernames. Multiply that by 20MB and you have a considerable amount of free storage. This was pre-2GB GMail, hence a welcome prospect.

But, I was (am!) a good boy, so I let them know ;-)

And then there’s the countless SQL-injectable sites, badly chosen passwords and gullible telephone support staff… fun fun fun. Like that time I hacked RAU University…

]]>