Silk Road forums
Discussion => Security => Topic started by: Boris Badenov on July 25, 2012, 07:04 pm
-
I am worried that the admins may have put in too many snippets of code that may endanger security in SR. Look how by hovering mouse over "shop by category" all the categories appear suddenly.
In my opinion, every new feature that is implemented carries with it more and more bloated code, and the more code, the worse security may get.
BB
-
I gotta think that with every wrinkle there's got to be some step backward. What I mean is, if you put in a new feature, it must affect the overall security much more than if say, everything was in text, which would be the safest.
Any computer safety experts wish to weigh in, like Guru or somebody?
NeutronMan
-
I don't have time to go over the whole of the new code, but from reviewing the few bits you mentioned there are no security issues. It's incredibly poor coding, but no security risks.
The fact that the default Tor browser allows Javascript and that Silk Road including this forum uses Javascript is a huge security risk in itself, but that was in the old site so nothing new there.
The only risk would be if the Silk Road admins had malicious intentions, which would be self defeating so I doubt they do. The only thing I would say is that it's incredibly short sighted of them not to include some kind of "welcome to our new look site" sign on the front log in page, I bet you've got a whole shed load of people freaking out when they see that page. But then again DPR isn't a business or marketing person, just a programmer.
-
1. You can only view the generated html code NOT the actual code of the application thus you can NOT know the quality of the coding.
2. You can only view the generated html code NOT the actual code of the application thus you can NOT know if there are any security issues.
3. The 2 -3 pages I looked at do NOT use javascript.
4. Let me repeat that NO JAVASCRIPT.
5. The menu hover is done by pure CSS, NO JAVASCRIPT.
6. For generated code the HTML and CSS is really consistent and well written. But this plays no part in how well written the application is, you have NO way of knowing how well written the application is. HTML and CSS is like the paint on a car, you can NOT know from how shiny the paint is how well the car performs.
7. In the TOR network one can NOT expose your identity using javascript alone. He will have to use it in combination with some other plugin like flash. Javascript is NOT a huge security risk in itself.
Please stop embarrassing yourself by posting about shit you know nothing about.
-
1) Actually you can view the source code. By going to View --> Source Code.
2) You can download the entire website offline in its original code by viewing the FTP server as a guest.
3) Every single page includes Javascript of some kind. I'm yet to find a page that doesn't include it. How do you think the "add to cart" works? Voodoo Magic? It's all Javascript and PHP.
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:
from reviewing the few bits you mentioned there are no security issues
but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:
<img src="data:image/jpeg;base64,[snip]" id="logo_image">
All that just to show an image.
Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.
So please stop embarrassing YOURSELF by pretending to know shit you know nothing about and then using that pretense to criticize people with amateurish pseudo-professional claims which are blatantly wrong.
Let's look at your post. Does it do anything to inform the OP or help anyone on this forum? No.
Does it just bitch at me? Yes
:-X Please
-
1) Actually you can view the source code. By going to View --> Source Code.
At a minimum you are wrong here. SR is at least partially written in PHP - a SERVER SIDE language. What you see is just what has been rendered and passed on to your browser. What you see is only what you are meant to see. Who knows - there could be 1000's of lines of code on the server side that you would never ever see...
Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*
-
Hmm more newbies commenting on my posts...
If you'd bothered to read more than 1 line you'd see my next point was that you could:
download the entire website offline in its original code by viewing the FTP server as a guest.
That means how the developers (DPR) wrote it. Including all server side scripts, everything.
::)
Perhaps you should delete your post rather than embarrassing yourself.
-
Listen you little bitch. You made me get up from my laptop on the sofa to come and sit on the big PC. So open your fucking eyes you might learn something.
-
1) Actually you can view the source code. By going to View --> Source Code.
That is the generated code you stupid fuck. SR is written in PHP, PHP generates HTML, your browser interprets HTML and shows you all the pretty shapes and colors you see.
You can "HACK" the fuck out of the HTML, you're wasting your time you fucking MORON.
2) You can download the entire website offline in its original code by viewing the FTP server as a guest.
I don't know where you connected but ftp://silkroadvb5piz3r.onion doesn't work for me.
IF you were able to download the source code from the actual FTP server of SR then you would be able to connect to the database and fuck anything you like up.
Also there is talk to make SR opensource. If anyone could download it there would NOT be a treat to make the code open source as it would be available to everyone.
-
3) Every single page includes Javascript of some kind. I'm yet to find a page that doesn't include it. How do you think the "add to cart" works? Voodoo Magic? It's all Javascript and PHP.
Javascript is a client side interpreted language. The client side part means you can view the source of a webpage and you can actually see the original code.
PHP is a server side interpreted language. The server side part means you can NOT see the original code but only see the result after the server has parsed the code.
Javascript looks like this
<script type="text/javascript">
alert('YOU ARE A MORON');
</script>
If the browser does NOT find the <script> tag then it does NOT parse the javascript.
Now view SR's source you little bitch and show me the javascript.
P.S Yes to you it must seem like voodoo.
-
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:
Quote
from reviewing the few bits you mentioned there are no security issues
but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:
All that just to show an image.
Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.
First go view google's or microsoft's or yahoo's code. They are messy like shit. Why ?? Because no one gives a shit of how html looks except if they are doing SEO and that is not needed here but even so the code is exceptionally clean.
Second the programmer only had to do <? echo $image; ?> and the image code you see get generated.
Again the CSS could have been in a separate file and included in the header as it should be.
It makes no difference if they use an external CSS file or if they include the CSS in the header, except for hierarchical purposes in the CSS itself but that's irrelevant here.
-
What FTP server allows you to anonymously connect to it and download the SR source? Clicking "view source" on your browser only displays the HTML, which in this case is free of scripts of any kind as far as I can tell. The pop out menu tricks are done via HTML and CSS as another user has already pointed out. Adding stuff to your cart is done through HTML and HTTP a la POST submissions, not javascript. If you can actually download the SR source and audit that directly, then I guess your statements make sense. You may want to bring that to the attention of the admins though...
Torbutton does not block JS. It only disrupts certain leaks and hooks some JS functions to prevent known attacks from working. This does not protect you from vulnerabilities in the browser's javascript engine, which is why you want to block all scripts via NoScript, especially on sites like this. Also, make sure it is up to date along with the other add-ons, as well as the Tor Browser Bundle in general.
-
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.
Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.
There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.
Now go and cry to your mother like the little bitch you are.
-
Quote from: Tienamen on Today at 12:41 AM
Quote
1) Actually you can view the source code. By going to View --> Source Code.
At a minimum you are wrong here. SR is at least partially written in PHP - a SERVER SIDE language. What you see is just what has been rendered and passed on to your browser. What you see is only what you are meant to see. Who knows - there could be 1000's of lines of code on the server side that you would never ever see...
Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*
Hmm more newbies commenting on my posts...
If you'd bothered to read more than 1 line you'd see my next point was that you could:
Quote
download the entire website offline in its original code by viewing the FTP server as a guest.
That means how the developers (DPR) wrote it. Including all server side scripts, everything.
::)
Perhaps you should delete your post rather than embarrassing yourself.
Wow, you really are retarded, aren't you? Thanks SteelSeth, for jumping in and putting this idiot in his place. I just don't have the time or inclination....
Whatever ftp site you're connecting to has to be run by some real retards. I would put BTC on it that DPR doesn't allow guest access to SR... (or if he did, this whole place would have been pwned a LOOONG time ago... If everyone could see the backend code, it would be trivial...)
-
This thread is full of trollery, all users should be careful.
It's obvious "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" are the same person. They all log on at the same time, contribute to the same debates, and all give you negative karma at the same time when offended. They all (or one lol) seem to have some kind of personal issue with me, even though all the advice I give people here is genuine and cautious. You can check this out for yourself by viewing their profiles.
As I said earlier in this thread, I'm just here to purely help people. Nothing "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" so far in this thread has helped a SINGLE person. NOT ONE. They are just here to attack and bitch and moan and criticize. So beware.
I've posted evidence and proof. They have just posted moans, whines and bitchyness. Be careful guys.
OZ :)
-
WOWWWWWWW.
I thought you were a MORON, I was wrong. You are far beyond a MORON.
I have no words.
-
Give us the address of the FTP you connect to and got the source code.
-
Tell you what. Since you know everything and I am full of shit. Name the programming language and what the below code does and I'll leave the forums and never come back.
+++++ +++++
[
> +++++ ++
> +++++ +++++
> +++
> +
<<<< -
]
> ++ .
> + .
+++++ ++ .
.
+++ .
> ++ .
<< +++++ +++++ +++++ .
> .
+++ .
----- - .
----- --- .
> + .
> .
-
Wow. I haven't seen 'Hello World' done in brainfuck for a long time. That makes me miss college.
...errr, you weren't talking to me were you? Sorry. I'll just move along now. Nothing for me to see here.
-
*yawn*... I'm done with this thread... oh yeah, and you too Oscar....
-
Dude that's not cool. Why not let him google the fuck out of it for a few more hours ?
-
What FTP server allows you to anonymously connect to it and download the SR source? Clicking "view source" on your browser only displays the HTML, which in this case is free of scripts of any kind as far as I can tell. The pop out menu tricks are done via HTML and CSS as another user has already pointed out. Adding stuff to your cart is done through HTML and HTTP a la POST submissions, not javascript. If you can actually download the SR source and audit that directly, then I guess your statements make sense. You may want to bring that to the attention of the admins though...
Torbutton does not block JS. It only disrupts certain leaks and hooks some JS functions to prevent known attacks from working. This does not protect you from vulnerabilities in the browser's javascript engine, which is why you want to block all scripts via NoScript, especially on sites like this. Also, make sure it is up to date along with the other add-ons, as well as the Tor Browser Bundle in general.
Love the security flames...and I hope to learn something. Whenever I fire up TOR it does say "security updates available" but when I go to the TOR site, I can't find an "update" or "new security feature" or anything that allows me to update TOR. Should I uninstall and reinstall the TOR Browser bundle?
-
the amount of stupid oscar has shown in this thread has discredited the intelligence he seemingly had in others.
it is amazing how he continues to try and defend his poor understanding of the site, instead of admit he's wrong.
-
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:
from reviewing the few bits you mentioned there are no security issues
but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:
[snip]
All that just to show an image.
Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.
this is actually excellent design when used in a hidden service. pretty much the only way to knock off a hidden service's server is with a slow-loris style attack (since tor doesn't allow syn flooding, bandwidth multiplying, udp packets, etc). if for example, on the front page, images were loaded as files instead of embedded base64 data, and the stylesheet was kept in its own file, the number of connections required to load the front page would be 17, not one (12 pics of droogs, dpr's avatar, the shopping cart, the logo, the stylesheet, and the page itself). by increasing the number of open connections at any time by a factor of 17, you're setting yourself up for a slowloris-style pwning at the hands of your innocent, unwitting users
Excellent explanation.
This thread is full of trollery, all users should be careful.
It's obvious "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" are the same person.
i'm kinda honored to be mentioned with kmf, dood is a hero in this game. but i'm also a sad panda because i was wrong about oscar being a federal psyops agent, this thread's made it apparent to me that he's just a fucking retard :( hanlon's razor at work i guess
this made me laugh
-
You can only download the generated HTML, maybe you should learn how web programming actually works.
-
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.
Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.
There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.
Now go and cry to your mother like the little bitch you are.
Javascript by itself can compromise your security because it can be used to pwn browser vulnerabilities, and in fact it frequently is used to do so. Malicious javascript can pwn browsers.
-
This thread is full of trollery, all users should be careful.
It's obvious "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" are the same person. They all log on at the same time, contribute to the same debates, and all give you negative karma at the same time when offended. They all (or one lol) seem to have some kind of personal issue with me, even though all the advice I give people here is genuine and cautious. You can check this out for yourself by viewing their profiles.
As I said earlier in this thread, I'm just here to purely help people. Nothing "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" so far in this thread has helped a SINGLE person. NOT ONE. They are just here to attack and bitch and moan and criticize. So beware.
I've posted evidence and proof. They have just posted moans, whines and bitchyness. Be careful guys.
OZ :)
Anyone who knows how PHP works knows that you are full of shit
the amount of stupid oscar has shown in this thread has discredited the intelligence he seemingly had in others.
it is amazing how he continues to try and defend his poor understanding of the site, instead of admit he's wrong.
He shows stupid in every thread that he posts in, maybe this is just the first time you have known enough about the topic at hand to recognize the stupid.
-
It's obvious "steelseth", "kmfkewm", "Shannon", "sourman" and "Tienamen" are the same person.
Shit, you got me. That's it boys, pack up the gear and let's go home. They finally got us, those drug addled genius bastards. It was only a matter of time I suppose...
No but really, I wasn't even flaming or trying to be a dick. Just clarifying a few things about PHP, Javascript, and the TBB. I mean, you claimed to have anonymous FTP access to what I presume is SR's web server. Come on man...
-
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.
Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.
There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.
Now go and cry to your mother like the little bitch you are.
Javascript by itself can compromise your security because it can be used to pwn browser vulnerabilities, and in fact it frequently is used to do so. Malicious javascript can pwn browsers.
90% of the javascript vulnerabilities I come across are XSS or script kiddies messing around.
I have not seen a vulnerability like the one you are suggesting for at least 3 years. Usually the attacker will use some plugin like PDF or flash to run its code.
Now if you are running FF 3.5 or IE 6 then I suppose such vulnerabilities do exist.
If you know of any vulnerabilities that would use javascript to exploit a modern browser I would love to hear about them. (Seriously I'm not trying to be clever nor am I saying I know everything, I am genuinely interested)
-
Although modern JS engines are reasonably secure, allowing scripting of any kind is still an unnecessary risk when browsing SR and related sites. Why gamble with Murphy's Law? This risk can be mitigated easily with one click on the integrated NoScript add-on (that you should also update), so there's really no reason to take it, particularly when using resources that aren't supposed to contain client-side scripting anyway.
-
I'm not saying it's a good idea to keep javascript enabled or that it is a good idea to keep anything else enabled that is unnecessary.
I'm just saying that Oscar's statement that javascript is a huge security risk is false.
-
Thanks for the Tor update tip. This discussion is like watching professional athletes in battle: Displays of power, strategy, knowledge, skill and opponent/ally analysis are quite apparent even though I couldn't tell that there was an amateur that snuck in until the feeding frenzy left bits of Oscar scattered on the inside of my screen :o
-
^Definitely! Good info ITT.
Steelseth, yeah I get what you're saying. It's not a huge risk; just making sure anyone who reads this knows to disable javascript just in case.
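-
Two claims argued in this thread can be checked from the rendered HTML alone: whether a page carries any client-side scripting or plugin content, and how many separate fetches it needs to render (the "17, not one" argument for inlined images and CSS). The Python below is an added example, not part of the original thread or of the site's code; both sample pages, their paths and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser

# Attribute that triggers a sub-resource fetch for each tag we track.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}
PLUGIN_TAGS = {"object", "embed", "applet"}          # Flash, PDF viewers, Java
URL_ATTRS = ("href", "src", "action", "formaction")  # may hold javascript: URLs


class RenderedPageAudit(HTMLParser):
    """Collects scripting indicators and sub-resource fetches from HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_tags = 0
        self.event_handlers = []    # (tag, attribute), e.g. ("a", "onclick")
        self.javascript_urls = []   # (tag, attribute) holding javascript:
        self.plugin_tags = []
        self.external_fetches = []  # (tag, url) needing their own request
        self.inlined_resources = 0  # data: URIs carried inside the page

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").strip() for k, v in attrs}
        if tag == "script":
            self.script_tags += 1
        if tag in PLUGIN_TAGS:
            self.plugin_tags.append(tag)
        for name in a:
            if name.startswith("on"):  # onclick, onload, onmouseover, ...
                self.event_handlers.append((tag, name))
        for name in URL_ATTRS:
            if a.get(name, "").lower().startswith("javascript:"):
                self.javascript_urls.append((tag, name))
        self._count_fetch(tag, a)

    def _count_fetch(self, tag, a):
        attr = FETCH_ATTRS.get(tag)
        if attr is None or not a.get(attr):
            return
        # Only stylesheet links are counted; other <link> types are ignored.
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower().split():
            return
        if a[attr].lower().startswith("data:"):
            self.inlined_resources += 1
        else:
            self.external_fetches.append((tag, a[attr]))


def audit(html):
    """Return what the browser-visible HTML reveals (never server-side code)."""
    p = RenderedPageAudit()
    p.feed(html)
    p.close()
    return {
        "script_tags": p.script_tags,
        "event_handlers": p.event_handlers,
        "javascript_urls": p.javascript_urls,
        "plugin_tags": p.plugin_tags,
        "inlined_resources": p.inlined_resources,
        "external_fetches": p.external_fetches,
        # One request for the page itself plus one per external resource.
        "requests_to_render": 1 + len(p.external_fetches),
        "scripting_present": bool(p.script_tags or p.event_handlers
                                  or p.javascript_urls),
    }


# Constructed sample: CSS-only hover menu, inlined logo, plain POST form.
INLINED_PAGE = """<html><head><style>
#menu ul { display: none; }
#menu:hover ul { display: block; }
</style></head><body>
<img id="logo_image" src="data:image/jpeg;base64,AAAA">
<div id="menu">shop by category<ul><li><a href="/cat/1">Books</a></li></ul></div>
<form method="post" action="/cart/add"><input type="hidden" name="item" value="42">
<input type="submit" value="add to cart"></form>
</body></html>"""

# Constructed sample: same features built with external files, JS and a plugin.
EXTERNAL_PAGE = """<html><head><link rel="stylesheet" href="/style.css">
<script src="/cart.js"></script></head><body>
<img src="/logo.jpg"><img src="/avatar.jpg">
<a href="javascript:void(0)" onclick="addToCart(42)">add to cart</a>
<embed src="/banner.swf">
</body></html>"""

if __name__ == "__main__":
    for name, page in (("inlined", INLINED_PAGE), ("external", EXTERNAL_PAGE)):
        r = audit(page)
        print(name, "requests:", r["requests_to_render"],
              "scripting:", r["scripting_present"], "plugins:", r["plugin_tags"])
```

The request count is an upper bound on extra connections, since HTTP keep-alive lets a browser reuse one connection for several requests; the audit also says nothing about the server-side code that generated the page.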