Silk Road forums

Discussion => Security => Topic started by: Boris Badenov on July 25, 2012, 07:04 pm

Title: Worried about new unsafe codes
Post by: Boris Badenov on July 25, 2012, 07:04 pm
I am worried that the admins may have put in too many snippets of code that may endanger security in SR. Look how by hovering mouse over "shop by category" all the categories appear suddenly.

In my opinion, every new feature that is implemented carries with it more and more bloated code, and the more code, the worse security may get.

BB
Title: Re: Worried about new unsafe codes
Post by: NeutronMan on July 25, 2012, 10:59 pm
I gotta think that with every wrinkle there's got to be some step backward. What I mean is, if you put in a new feature, it must affect the overall security much more than if say, everything was in text, which would be the safest.

Any computer safety experts wish to weigh in, like Guru or somebody?

NeutronMan
Title: Re: Worried about new unsafe codes
Post by: oscarzululondon on July 25, 2012, 11:09 pm
I don't have time to go over the whole of the new code, but from reviewing the few bits you mentioned there are no security issues. It's incredibly poor coding, but no security risks.

The fact that the default Tor browser allows Javascript and that Silk Road including this forum uses Javascript is a huge security risk in itself, but that was in the old site so nothing new there.

The only risk would be if the Silk Road admins had malicious intentions, which would be self defeating so I doubt they do. The only thing I would say is that it's incredibly short sighted of them not to include some kind of "welcome to our new look site" sign on the front log in page, I bet you've got a whole shed load of people freaking out when they see that page. But then again DPR isn't a business or marketing person, just a programmer.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 12:02 am
I don't have time to go over the whole of the new code, but from reviewing the few bits you mentioned there are no security issues. It's incredibly poor coding, but no security risks.

The fact that the default Tor browser allows Javascript and that Silk Road including this forum uses Javascript is a huge security risk in itself, but that was in the old site so nothing new there.

The only risk would be if the Silk Road admins had malicious intentions, which would be self defeating so I doubt they do. The only thing I would say is that it's incredibly short sighted of them not to include some kind of "welcome to our new look site" sign on the front log in page, I bet you've got a whole shed load of people freaking out when they see that page. But then again DPR isn't a business or marketing person, just a programmer.

1. You can only view the generated html code NOT the actual code of the application thus you can NOT know the quality of the coding.
2. You can only view the generated html code NOT the actual code of the application thus you can NOT know if there are any security issues.
3. The 2-3 pages I looked at do NOT use javascript.
4. Let me repeat that NO JAVASCRIPT.
5. The menu hover is done by pure CSS, NO JAVASCRIPT.
6. For generated code the HTML and CSS is really consistent and well written. But this plays no part in how well written the application is, you have NO way of knowing how well written the application is. HTML and CSS is like the paint on a car, you can NOT know from how shiny the paint is how well the car performs.
7. In the TOR network one can NOT expose your identity using javascript alone. He will have to use it in combination with some other plugin like flash. Javascript is NOT a huge security risk in itself.

Please stop embarrassing yourself by posting about shit you know nothing about.
Title: Re: Worried about new unsafe codes
Post by: oscarzululondon on July 26, 2012, 12:33 am
1. You can only view the generated html code NOT the actual code of the application thus you can NOT know the quality of the coding.
2. You can only view the generated html code NOT the actual code of the application thus you can NOT know if there are any security issues.
3. The 2-3 pages I looked at do NOT use javascript.
4. Let me repeat that NO JAVASCRIPT.
5. The menu hover is done by pure CSS, NO JAVASCRIPT.
6. For generated code the HTML and CSS is really consistent and well written. But this plays no part in how well written the application is, you have NO way of knowing how well written the application is. HTML and CSS is like the paint on a car, you can NOT know from how shiny the paint is how well the car performs.
7. In the TOR network one can NOT expose your identity using javascript alone. He will have to use it in combination with some other plugin like flash. Javascript is NOT a huge security risk in itself.

Please stop embarrassing yourself by posting about shit you know nothing about.

1) Actually you can view the source code. By going to View --> Source Code.

2) You can download the entire website offline in its original code by viewing the FTP server as a guest.

3) Every single page includes Javascript of some kind. I'm yet to find a page that doesn't include it. How do you think the "add to cart" works? Voodoo Magic? It's all Javascript and PHP.

6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:

Quote
from reviewing the few bits you mentioned there are no security issues

but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:

Quote
<img src="data:image/jpeg;base64,[base64 image data omitted]" id="logo_image">

All that just to show an image.

Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.

7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.

So please stop embarrassing YOURSELF by pretending to know shit you know nothing about and then using that pretense to criticize people with amateurish pseudo-professional claims which are blatantly wrong.

Let's look at your post. Does it do anything to inform the OP or help anyone on this forum? No.

Does it just bitch at me? Yes

 :-X Please
Title: Re: Worried about new unsafe codes
Post by: Tienamen on July 26, 2012, 12:41 am
Quote
1) Actually you can view the source code. By going to View --> Source Code.

At a minimum you are wrong here.  SR is at least partially written in PHP - a SERVER SIDE language.  What you see is just what has been rendered and passed on to your browser.  What you see is only what you are meant to see.  Who knows - there could be 1000's of lines of code on the server side that you would never ever see...

Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*
Title: Re: Worried about new unsafe codes
Post by: oscarzululondon on July 26, 2012, 12:47 am
Quote
1) Actually you can view the source code. By going to View --> Source Code.

At a minimum you are wrong here.  SR is at least partially written in PHP - a SERVER SIDE language.  What you see is just what has been rendered and passed on to your browser.  What you see is only what you are meant to see.  Who knows - there could be 1000's of lines of code on the server side that you would never ever see...

Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*

Hmm more newbies commenting on my posts...

If you'd bothered to read more than 1 line you'd see my next point was that you could:

Quote
download the entire website offline in its original code by viewing the FTP server as a guest.

That means how the developers (DPR) wrote it. Including all server side scripts, everything.

 ::)

Perhaps you should delete your post rather than embarrassing yourself.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 12:51 am
Quote
1) Actually you can view the source code. By going to View --> Source Code.

At a minimum you are wrong here.  SR is at least partially written in PHP - a SERVER SIDE language.  What you see is just what has been rendered and passed on to your browser.  What you see is only what you are meant to see.  Who knows - there could be 1000's of lines of code on the server side that you would never ever see...

Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*

Hmm more newbies commenting on my posts...

If you'd bothered to read more than 1 line you'd see my next point was that you could:

Quote
download the entire website offline in its original code by viewing the FTP server as a guest.

That means how the developers (DPR) wrote it. Including all server side scripts, everything.

 ::)

Perhaps you should delete your post rather than embarrassing yourself.
Listen you little bitch. You made me get up from my laptop on the sofa to come and sit on the big PC. So open your fucking eyes you might learn something.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 12:57 am
Quote from: oscarzululondon
1) Actually you can view the source code. By going to View --> Source Code.
That is the generated code you stupid fuck. SR is written in PHP, PHP generates HTML, your browser interprets HTML and shows you all the pretty shapes and colors you see.
You can "HACK" the fuck out of the HTML, you're wasting your time you fucking MORON.

Quote from: oscarzululondon
2) You can download the entire website offline in its original code by viewing the FTP server as a guest.
I don't know where you connected but ftp://silkroadvb5piz3r.onion doesn't work for me.
IF you were able to download the source code from the actual FTP server of SR then you would be able to connect to the database and fuck anything you like up.
Also there is talk to make SR open source. If anyone could download it there would NOT be a treat to make the code open source as it would be available to everyone.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:03 am
Quote from: oscarzululondon
3) Every single page includes Javascript of some kind. I'm yet to find a page that doesn't include it. How do you think the "add to cart" works? Voodoo Magic? It's all Javascript and PHP.
Javascript is a client side interpreted language. The client side part means you can view the source of a webpage and you can actually see the original code.
PHP is a server side interpreted language. The server side part means you can NOT see the original code but only see the result after the server has parsed the code.
Javascript looks like this
<script type="text/javascript">

alert('YOU ARE A MORON');

</script>
If the browser does NOT find the <script> tag then it does NOT parse the javascript.
Now view SR's source you little bitch and show me the javascript.

P.S Yes to you it must seem like voodoo.

Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:10 am
Quote from: oscarzululondon
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:

Quote

 from reviewing the few bits you mentioned there are no security issues


but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:

All that just to show an image.

Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.

First go view google's or microsoft's or yahoo's code. They are messy like shit. Why ?? Because no one gives a shit of how html looks except if they are doing SEO and that is not needed here but even so the code is exceptionally clean.

Second the programmer only had to do <? echo $image; ?> and the image code you see gets generated.

Again there CSS could have been in a separate file and included in the header as it should be.

It makes no difference if they use an external CSS file or if they include the CSS in the header, except for hierarchical purposes in the CSS itself but that's irrelevant here.
Title: Re: Worried about new unsafe codes
Post by: sourman on July 26, 2012, 01:14 am
What FTP server allows you to anonymously connect to it and download the SR source? Clicking "view source" on your browsers only displays the HTML, which in this case is free of scripts of any kind as far as I can tell. The pop out menu tricks are done via HTML and CSS as another user has already pointed out. Adding stuff to your cart is done through HTML and HTTP a la POST submissions, not javascript. If you can actually download the SR source and audit that directly, then I guess your statements make sense. You may want to bring that to the attention of the admins though...

Torbutton does not block JS. It only disrupts certain leaks and hooks some JS functions to prevent known attacks from working. This does not protect you from vulnerabilities in the browser's javascript engine, which is why you want to block all scripts via NoScript, especially on sites like this. Also, make sure it is up to date along with the other add-ons, as well as the Tor Browser Bundle in general.
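
A way to settle the "does this page use JavaScript" question from the markup the browser actually received, as an added example that is not part of any post in this thread: the Python sketch below inventories script elements, inline event handlers, javascript: URLs and plugin embeds in rendered HTML, and counts CSS :hover rules, POST forms and data: URIs. Both sample pages are constructed for illustration (they are not Silk Road's markup), and like "view source" the audit sees only what the server sent, never the server-side code.

```python
import re
from html.parser import HTMLParser

# Constructed sample: CSS-only hover menu, plain HTML POST form, data: URI image.
SAMPLE_STATIC = """
<html><head><style>
#menu ul { display: none; }
#menu:hover ul { display: block; }
</style></head><body>
<div id="menu">Shop by category<ul><li><a href="/cat/1">Books</a></li></ul></div>
<img src="data:image/png;base64,AAAA" id="logo_image">
<form method="post" action="/cart/add"><input type="submit" value="add to cart"></form>
</body></html>
"""

# Constructed sample containing the kinds of active content the audit flags.
SAMPLE_ACTIVE = """
<html><body onload="init()">
<script src="/static/app.js"></script>
<a href="javascript:void(0)">add to cart</a>
<embed src="/movie.swf" type="application/x-shockwave-flash">
</body></html>
"""

PLUGIN_TAGS = {"object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


class ActiveContentAudit(HTMLParser):
    """Collects client-side active content found in rendered HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []    # (kind, tag, detail) for anything that can run code
        self.hover_rules = 0  # CSS :hover selectors (no script involved)
        self.post_forms = 0   # forms submitted by plain HTTP POST
        self.data_uris = 0    # inline data: URIs (e.g. embedded images)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        if tag == "script":
            self.findings.append(("script", tag, attr_map.get("src") or "inline"))
        if tag in PLUGIN_TAGS:
            self.findings.append(("plugin", tag, attr_map.get("type") or ""))
        if tag == "style":
            self._in_style = True
        if tag == "form" and (attr_map.get("method") or "").lower() == "post":
            self.post_forms += 1
        for name, value in attrs:
            if name.startswith("on"):
                # onclick, onload, onmouseover ... run script without a <script> tag
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace/control characters inside the scheme.
                url = re.sub(r"[\s\x00-\x1f]", "", value or "").lower()
                if url.startswith("javascript:"):
                    self.findings.append(("javascript-url", tag, name))
                elif url.startswith("data:"):
                    self.data_uris += 1

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies arrive here as raw text; count hover selectors in them.
        if self._in_style:
            self.hover_rules += data.count(":hover")


def audit(html):
    """Return a summary of active and passive features in one rendered page."""
    parser = ActiveContentAudit()
    parser.feed(html)
    parser.close()
    return {
        "active_content": bool(parser.findings),
        "findings": parser.findings,
        "hover_rules": parser.hover_rules,
        "post_forms": parser.post_forms,
        "data_uris": parser.data_uris,
    }


if __name__ == "__main__":
    for label, page in (("static", SAMPLE_STATIC), ("active", SAMPLE_ACTIVE)):
        print(label, audit(page))
```

An empty findings list only covers the page that was audited; external stylesheets and other pages need the same check.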
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:21 am
Quote from: oscarzululondon
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.

Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.

There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.

Now go and cry to your mother like the little bitch you are.
Title: Re: Worried about new unsafe codes
Post by: Tienamen on July 26, 2012, 01:39 am
Quote
Quote from: Tienamen on Today at 12:41 AM

    Quote

        1) Actually you can view the source code. By going to View --> Source Code.


    At a minimum you are wrong here.  SR is at least partially written in PHP - a SERVER SIDE language.  What you see is just what has been rendered and passed on to your browser.  What you see is only what you are meant to see.  Who knows - there could be 1000's of lines of code on the server side that you would never ever see...

    Although you are quick to cut others down, you clearly don't know what you're talking about either... I don't want to even bother with the rest of your points, but I'm sure at least a few more are patently false as well... *goodnight*


Hmm more newbies commenting on my posts...

If you'd bothered to read more than 1 line you'd see my next point was that you could:

Quote

    download the entire website offline in its original code by viewing the FTP server as a guest.


That means how the developers (DPR) wrote it. Including all server side scripts, everything.

 ::)

Perhaps you should delete your post rather than embarrassing yourself.

Wow, you really are retarded, aren't you?  Thanks SteelSeth, for jumping in and putting this idiot in his place.  I just don't have the time or inclination....

Whatever ftp site you're connecting to has to be run by some real retards.  I would put BTC on it that DPR doesn't allow guest access to SR... (or if he did, this whole place would have been pwned a LOOONG time ago... If everyone could see the backend code, it would be trivial...)
Title: Re: Worried about new unsafe codes
Post by: oscarzululondon on July 26, 2012, 01:47 am
This thread is full of trollery, all users should be careful.

It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person. They all log on at the same time, contribute to the same debates, and all give you negative karma at the same time when offended. They all (or one lol) seem to have some kind of personal issue with me, even though all the advice I give people here is genuine and cautious. You can check this out for yourself by viewing their profiles.

As I said earlier in this thread, I'm just here to purely help people. Nothing "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" so far in this thread has helped a SINGLE person. NOT ONE. They are just here to attack and bitch and moan and criticize. So beware.

I've posted evidence and proof. They have just posted moans, whines and bitchiness. Be careful guys.

OZ  :)
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:53 am
This thread is full of trollery, all users should be careful.

It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person. They all log on at the same time, contribute to the same debates, and all give you negative karma at the same time when offended. They all (or one lol) seem to have some kind of personal issue with me, even though all the advice I give people here is genuine and cautious. You can check this out for yourself by viewing their profiles.

As I said earlier in this thread, I'm just here to purely help people. Nothing "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" so far in this thread has helped a SINGLE person. NOT ONE. They are just here to attack and bitch and moan and criticize. So beware.

I've posted evidence and proof. They have just posted moans, whines and bitchiness. Be careful guys.

OZ  :)

WOWWWWWWW.

I thought you were a MORON, I was wrong. You are far beyond a MORON.

I have no words.


Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:56 am
Give us the address of the FTP you connected to and got the source code from.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 01:57 am
Tell you what. Since you know everything and I am full of shit. Name the programming language and what the below code does and I'll leave the forums and never come back.

+++++ +++++             
[                       
    > +++++ ++             
    > +++++ +++++           
    > +++                   
    > +                     
    <<<< -                 
]                   
> ++ .                 
> + .                   
+++++ ++ .             
.                       
+++ .                   
> ++ .                 
<< +++++ +++++ +++++ . 
> .                     
+++ .                   
----- - .               
----- --- .             
> + .                   
> .
Title: Re: Worried about new unsafe codes
Post by: liquidBrr on July 26, 2012, 02:06 am
Wow. I haven't seen 'Hello World' done in brainfuck for a long time. That makes me miss college.

...errr, you weren't talking to me were you? Sorry. I'll just move along now. Nothing for me to see here.
Title: Re: Worried about new unsafe codes
Post by: Tienamen on July 26, 2012, 02:08 am
*yawn*... I'm done with this thread... oh yeah, and you too Oscar....
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 02:10 am
Wow. I haven't seen 'Hello World' done in brainfuck for a long time. That makes me miss college.

...errr, you weren't talking to me were you? Sorry. I'll just move along now. Nothing for me to see here.

Dude that's not cool. Why not let him google the fuck out of it for a few more hours?
Title: Re: Worried about new unsafe codes
Post by: goofus on July 26, 2012, 02:35 am
What FTP server allows you to anonymously connect to it and download the SR source? Clicking "view source" on your browser only displays the HTML, which in this case is free of scripts of any kind as far as I can tell. The pop out menu tricks are done via HTML and CSS as another user has already pointed out. Adding stuff to your cart is done through HTML and HTTP a la POST submissions, not javascript. If you can actually download the SR source and audit that directly, then I guess your statements make sense. You may want to bring that to the attention of the admins though...

Torbutton does not block JS. It only disrupts certain leaks and hooks some JS functions to prevent known attacks from working. This does not protect you from vulnerabilities in the browser's javascript engine, which is why you want to block all scripts via NoScript, especially on sites like this. Also, make sure it is up to date along with the other add-ons, as well as the Tor Browser Bundle in general.

Love the security flames...and I hope to learn something. Whenever I fire up TOR it does say "security updates available" but when I go to the TOR site, I can't find an "update" or "new security feature" or anything that allows me to update TOR. Should I uninstall and reinstall the TOR Browser bundle?
Title: Re: Worried about new unsafe codes
Post by: NFHC on July 26, 2012, 05:14 am
the amount of stupid oscar has shown in this thread has discredited the intelligence he seemingly had in others.
it is amazing how he continues to try and defend his poor understanding of the site, instead of admitting he's wrong.
Title: Re: Worried about new unsafe codes
Post by: NFHC on July 26, 2012, 10:34 am
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:

Quote
from reviewing the few bits you mentioned there are no security issues

but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:

Quote
[snip]

All that just to show an image.

Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.

this is actually excellent design when used in a hidden service. pretty much the only way to knock off a hidden service's server is with a slow-loris style attack (since tor doesn't allow syn flooding, bandwidth multiplying, udp packets, etc). if for example, on the front page, images were loaded as files instead of embedded base64 data, and the stylesheet was kept in its own file, the number of connections required to load the front page would be 17, not one (12 pics of droogs, dpr's avatar, the shopping cart, the logo, the stylesheet, and the page itself). by increasing the number of open connections at any time by a factor of 17, you're setting yourself up for a slowloris-style pwning at the hands of your innocent, unwitting users

Excellent explanation.

This thread is full of trollery, all users should be careful.

It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person.

i'm kinda honored to be mentioned with kmf, dood is a hero in this game. but i'm also a sad panda because i was wrong about oscar being a federal psyops agent, this thread's made it apparent to me that he's just a fucking retard :( hanlon's razor at work i guess
this made me laugh
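
The connection arithmetic in the quoted explanation above, as an added example that is not part of the original thread or the site's code: a Python counter of the separate fetches a rendered page triggers, assuming as the post does one connection per fetched file. The sample page, its file names and the placeholder data URI are constructed to match the post's inventory (12 pictures, avatar, cart, logo, stylesheet, page).

```python
from html.parser import HTMLParser


class FetchCounter(HTMLParser):
    """Split a page's sub-resources into separately fetched and inlined ones."""

    def __init__(self):
        super().__init__()
        self.external = []  # URLs that each need their own request
        self.inlined = 0    # resources carried inside the HTML document

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script") and a.get("src"):
            self._record(a["src"])
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            if a.get("href"):
                self._record(a["href"])
        elif tag == "style":
            self.inlined += 1  # CSS kept in the document head

    def _record(self, url):
        if url.strip().lower().startswith("data:"):
            self.inlined += 1  # base64 payload embedded in the markup
        else:
            self.external.append(url)


def fetches_per_page_view(html):
    """Return (requests, inlined); requests counts the HTML document itself."""
    counter = FetchCounter()
    counter.feed(html)
    counter.close()
    # A browser fetches a repeated URL once per page view, so count unique URLs.
    return 1 + len(set(counter.external)), counter.inlined


def worst_case_connections(viewers, html):
    """Connection slots held by simultaneous viewers, one connection per fetch (assumption)."""
    return viewers * fetches_per_page_view(html)[0]


# Constructed front page: 12 pictures, avatar, cart, logo (15 images) plus CSS.
IMAGES = [f"pic{i}.jpg" for i in range(1, 13)] + ["avatar.jpg", "cart.png", "logo.jpg"]
PLACEHOLDER = "data:image/jpeg;base64,AAAA"  # constructed stand-in, not a real image


def build_page(inline):
    """Build the sample page with resources either inlined or kept as separate files."""
    if inline:
        css = "<style>#nav li:hover ul{display:block}</style>"
    else:
        css = '<link rel="stylesheet" href="style.css">'
    imgs = "".join(
        f'<img src="{PLACEHOLDER if inline else name}" alt="{name}">' for name in IMAGES
    )
    return f"<html><head>{css}</head><body>{imgs}</body></html>"


if __name__ == "__main__":
    for label, inline in (("separate files", False), ("inlined", True)):
        page = build_page(inline)
        print(label, fetches_per_page_view(page), worst_case_connections(100, page))
```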
Title: Re: Worried about new unsafe codes
Post by: kmfkewm on July 26, 2012, 10:44 am
1. You can only view the generated html code NOT the actual code of the application thus you can NOT know the quality of the coding.
2. You can only view the generated html code NOT the actual code of the application thus you can NOT know if there are any security issues.
3. The 2 -3 pages I looked at do NOT use javascript.
4. Let me repeat that NO JAVASCRIPT.
5. The menu hover is done by pure CSS, NO JAVASCRIPT.
6. For generated code the HTML and CSS is really consistent and well written. But this plays no part in how well written the application is, you have NO way of knowing how well written the application is. HTML and CSS is like the paint on a car, you can NOT know from how shiny the paint is how well the car performs.
7. In the TOR network one can NOT expose your identity using javascript alone. He will have to use it in combination with some other plugin like flash. Javascript is NOT a huge security risk in itself.

Please stop embarrassing yourself by posting about shit you know nothing about.

1) Actually you can view the source code. By going to View --> Source Code.

2) You can download the entire website offline in its original code by viewing the FTP server as a guest.

3) Every single page includes Javascript of some kind. I'm yet to find a page that doesn't include it. How do you think the "add to cart" works? Voodoo Magic? It's all Javascript and PHP.

6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:

Quote
from reviewing the few bits you mentioned there are no security issues

but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:

Quote
<img src="data:image/jpeg;base64,[snip]" id="logo_image">

All that just to show an image.

Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.

7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.

So please stop embarrassing YOURSELF by pretending to know shit you know nothing about and then using that pretense to criticize people with amateurish pseudo-professional claims which are blatantly wrong.

Let's look at your post. Does it do anything to inform the OP or help anyone on this forum? No.

Does it just bitch at me? Yes

 :-X Please

You can only download the generated HTML, maybe you should learn how web programming actually works.
Title: Re: Worried about new unsafe codes
Post by: kmfkewm on July 26, 2012, 10:47 am
Quote from: oscarzululondon
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.

Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.

There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.

Now go and cry to your mother like the little bitch you are.

Javascript by itself can compromise your security because it can be used to pwn browser vulnerabilities, and in fact it frequently is used to do so. Malicious javascript can pwn browsers.
Title: Re: Worried about new unsafe codes
Post by: kmfkewm on July 26, 2012, 10:48 am
This thread is full of trollery, all users should be careful.

It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person. They all log on at the same time, contribute to the same debates, and all give you negative karma at the same time when offended. They all (or one lol) seem to have some kind of personal issue with me, even though all the advice I give people here is genuine and cautious. You can check this out for yourself by viewing their profiles.

As I said earlier in this thread, I'm just here to purely help people. Nothing "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" so far in this thread has helped a SINGLE person. NOT ONE. They are just here to attack and bitch and moan and criticize. So beware.

I've posted evidence and proof. They have just posted moans, whines and bitchiness. Be careful guys.

OZ  :)

Anyone who knows how PHP works knows that you are full of shit


Quote
the amount of stupid oscar has shown in this thread has discredited the intelligence he seemingly had in others.
it is amazing how he continues to try and defend his poor understanding of the site, instead of admitting he's wrong.

He shows stupid in every thread that he posts in, maybe this is just the first time you have known enough about the topic at hand to recognize the stupid.
Title: Re: Worried about new unsafe codes
Post by: sourman on July 26, 2012, 11:07 am
Quote
It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person.

Shit, you got me. That's it boys, pack up the gear and let's go home. They finally got us, those drug addled genius bastards. It was only a matter of time I suppose...

No but really, I wasn't even flaming or trying to be a dick. Just clarifying a few things about PHP, Javascript, and the TBB. I mean, you claimed to have anonymous FTP access to what I presume is SR's web server. Come on man...
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 03:31 pm
Quote from: oscarzululondon
7) Javascript can compromise your identity, it can be used to cause data leaks revealing your real IP address which can then be traced to your residential address unless you're using your neighbors wifi which is the clever thing to do. It can also be used for a variety of other things so stop telling people they are perfectly safe and lulling them into a false sense of security when they aren't.

Javascript on its own does NOT compromise your identity. You will need to use other plugins like flash for that to happen. That is a FACT, there is no room for discussion there no matter how much you bitch about it.

There are other vulnerabilities in javascript like XSS which I will not discuss here, if you like go read a book about it, but those have nothing to do with compromising your identity.

Now go and cry to your mother like the little bitch you are.

Javascript by itself can compromise your security because it can be used to pwn browser vulnerabilities, and in fact it frequently is used to do so. Malicious javascript can pwn browsers.

90% of the javascript vulnerabilities I come across are XSS or script kiddies messing around.

I have not seen a vulnerability like the one you are suggesting for at least 3 years. Usually the attacker will use some plugin like PDF or flash to run its code.

Now if you are running FF 3.5 or IE 6 then I suppose such vulnerabilities do exist.

If you know of any vulnerabilities that would use javascript to exploit a modern browser I would love to hear about them. (Seriously I'm not trying to be clever nor am I saying I know everything, I am genuinely interested)
Title: Re: Worried about new unsafe codes
Post by: sourman on July 26, 2012, 04:03 pm
Although modern JS engines are reasonably secure, allowing scripting of any kind is still an unnecessary risk when browsing SR and related sites. Why gamble with Murphy's Law? This risk can be mitigated easily with one click on the integrated NoScript add-on (that you should also update), so there's really no reason to take it, particularly when using resources that aren't supposed to contain client-side scripting anyway.
Title: Re: Worried about new unsafe codes
Post by: steelseth on July 26, 2012, 04:33 pm
I'm not saying it's a good idea to keep javascript enabled or that it's a good idea to keep anything else enabled that is unnecessary.
I'm just saying that Oscar's statement that javascript is a huge security risk is false.
Title: Re: Worried about new unsafe codes
Post by: goofus on July 27, 2012, 12:47 am
6) The site is poorly coded, not literally but semantically. The code itself is clean, which I already agreed to:

Quote
from reviewing the few bits you mentioned there are no security issues

but semantically, the actual function of the code is terrible. It isn't well planned, shows clear lack of coherent vision and management. Imagine this was Google or Microsoft, they'd be getting ripped right now. The code is messy, example below:

Quote
[snip]

All that just to show an image.

Also the CSS is in the file header, that's amateurish and even if it was purposeful because they thought it made the site faster that's a fallacy for several reasons which any web developer knows.

this is actually excellent design when used in a hidden service. pretty much the only way to knock off a hidden service's server is with a slow-loris style attack (since tor doesn't allow syn flooding, bandwidth multiplying, udp packets, etc). if for example, on the front page, images were loaded as files instead of embedded base64 data, and the stylesheet was kept in its own file, the number of connections required to load the front page would be 17, not one (12 pics of droogs, dpr's avatar, the shopping cart, the logo, the stylesheet, and the page itself). by increasing the number of open connections at any time by a factor of 17, you're setting yourself up for a slowloris-style pwning at the hands of your innocent, unwitting users

Excellent explanation.

This thread is full of trollery, all users should be careful.

It's obvious  "steelseth", "kmfkewm", "Shannon",  "sourman" and "Tienamen" are the same person.

i'm kinda honored to be mentioned with kmf, dood is a hero in this game. but i'm also a sad panda because i was wrong about oscar being a federal psyops agent, this thread's made it apparent to me that he's just a fucking retard :( hanlon's razor at work i guess
this made me laugh

Thanks for the Tor update tip. This discussion is like watching professional athletes in battle: Displays of power, strategy, knowledge, skill and opponent/ally analysis are quite apparent even though I couldn't tell that there was an amateur that snuck in until the feeding frenzy left bits of Oscar scattered on the inside of my screen :o
Title: Re: Worried about new unsafe codes
Post by: sourman on July 27, 2012, 01:01 am
^Definitely! Good info ITT.

Steelseth, yeah I get what you're saying. It's not a huge risk; just making sure anyone who reads this knows to disable javascript just in case.