by johnk
Sunday, Mar. 10, 2013 at 10:00 AM
This is for Javascript developers who may want to consider developing a client for this site.
Dearest Developers:

This site now generates a JSON data dump of each article. The URL of the JSON data is the same as the article's URL, with the "php" replaced by "json".

http://la.indymedia.org/news/2013/03/258838.json

This is basically a dump of our internal data. Nothing has been omitted at this time, though in the future some fields might be lost. So this non-API may change. However, given our past history with failure to keep up with software changes, odds are this ad-hoc dump is as good as any set-in-stone API out there, because the big APIs change every couple years. We've outlasted a lot of other sites, and are slow to change.

If you do develop a JS client (or any client really), THANK YOU! Remember, however, that you can't put ads on the stories or in the client, because the articles are only allowed to be reused non-commercially (unless you get an agreement with the original author).

Our standard agreement is an article is free for noncommercial use by us and by noncommercial sites, but copyright belongs to the author. (The exception being Fair Use, of course. Also, it's unclear what status RSS feed data has. I've assumed RSS data is reusable for anything without restrictions.)
by nasty boy
Tuesday, Mar. 12, 2013 at 8:48 AM
Is this the reason the report system has been constantly disabled, reset, I.D. numbers changed and the minimal attendance to the report feature have occurred? jest me asking... how was that tenth year anniversary? You never reported it with a minor post that I ever noticed. Maybe I missed it. :>)
by crazy_inventor
Tuesday, Mar. 12, 2013 at 1:07 PM
json-js_exploits.png, image/png, 600x489

"JSON exploit" About 385 results

Anatomy of a Subtle JSON Vulnerability
http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
Nov 20, 2008 it was successfully demonstrated against GMail a while back. The post, JSON is not as safe as people think it is, http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html covers it well, but I thought I’d provide step-by-step coverage to help make it clear how the exploit works.

you've been HAACKED - json
http://haacked.com/tags/json/default.aspx

Exploiting JSON Framework : 7 Attack Shots
http://www.infosecwriters.com/text_resources/pdf/ExploitingJSON_ASood.pdf

json array exploit
https://www.ibm.com/developerworks/mydeveloperworks/blogs/pmuellr/entry/json_array_exploit

JSON Hijacking Vulnerability Nov 2, 2010
http://spreecommerce.com/blog/json-hijacking-vulnerability

Is it possible to XSS exploit JSON responses
JSON responses can be exploited by overriding Array constructors
http://stackoverflow.com/questions/3146324/is-it-possible-to-xss-exploit-json-responses-with-proper-javascript-string-escap

JSON Hijacking Jun 24, 2009
http://haacked.com/archive/2009/06/24/json-hijacking.aspx

JSON Data Exploits Jul 7, 2011
http://frankspeech.tumblr.com/post/7331368757

Rails JSON and XML security bugs Jan 9, 2013
They concern the parsing of JSON and XML request bodies and can ... and more serious than, the recent SQL injection vulnerability
http://blog.brightbox.co.uk/posts/rails-json-and-xml-security-bugs

Exploits Mar 22, 2012
JSON hijacking is an exploit which has not had the publicity it perhaps deserves. It is a real risk to website security
http://www.mattlunn.me.uk/blog/category/exploits/

"JS exploit" About 125,000 results

Remove JS/Exploit-Blacole virus Dec 11, 2012
Remove Exploit:JS/Cooexp.A Jan 17, 2013
McAfee Communities: What is JS/Exploit-Blacole.i? Mar 18, 2012
JS/Exploit-Rekit.b Jan 31, 2013
Undetected Js Exploit - Bitdefender Forum Nov 28, 2012
Cool Exploit Kit (other); Exploit.JS.Pdfka.ggz (Kaspersky); Cooexp.A (Norman); EXP/JS.Expack.CO (Avira); JS/Exploit-Blacole.gq (McAfee)
JS/Exploit - Sophos Apr 30, 2002
by nasty boy
Wednesday, Mar. 13, 2013 at 8:56 AM
Why the hell didn't they use CAPTCHA as a "human" qualifier? This math question is able to be hacked very simply. I sometimes believe that someone wants this newswire to be vulnerable on many levels. Look at the IMC wasteland out there. Most of the sites are down but still listed. Enemy action and lackadaisical involvement aren't a good mix. Then there's the mole / infiltration factor. No transparency is also a bad idea unless security is involved. An announcement is not transparency.
by crazy_inventor
Wednesday, Mar. 13, 2013 at 10:17 AM
Sites exist that make you solve one to obtain something you want - say a serial.
But the CAPTCHA they place on the page simply links back to here (assuming they used a CAPTCHA here)
So they have uninvolved people solve the CAPTCHAs for them..
I'm not saying the JSON/JS here IS unsecure (how would I know - I keep it disabled), but assurance was replied here that JS couldn't BE exploited...
- Hits go back to 2002 about JS exploitation.
And MD5 - rainbow tables anyone ?
The moleing is in the consensus, and the real control is in pleasing the foundations.
Besides most of the material I collect, write and air can't even be posted on here.
I've decided to post on onion forum instead - I just registered crazy_inventor and posted what I would have posted here. (before I posted there as anon/guest)
IMC hates dox, especially on people like Michelle Obama, Joe Biden, Robert Mueller, Hillary Clinton, Eric Holder, Charlie Beck, Sarah Palin, Donald Trump, Arnold Schwarzenegger, and Al Gore.
Such posts lead to the feds seizing their servers, and endangers their foundation grants.
There's no problem with any of that on the onion forum, plus you can register and keep anyone else from spoofing your handle.
by curious
Friday, Mar. 15, 2013 at 3:39 PM
How can CAPTCHA "be defeated"? It would seem to be advanced AI to do so.
by crazy_inventor
Friday, Mar. 15, 2013 at 5:17 PM
Fastest captcha bypass , Cheapest captcha solver, real decaptcher
CBH captcha solver
Download CAPTCHA Solver 1.1
captcha-breaking-library - A library and scripting language
Artificial Intelligence, NeuralNetwork
Social Captcha Solver (SCS)
I'm making a PHP class that solved Captcha's socially - it keeps track of the original URL, the Captcha key, challenge, response, status
Captchainfinity | Captcha Solver | Automatic Captcha
Simple CAPTCHA solver in python
Captcha solver
Do any of you know about a good captcha solver that is either for free or cheap?
Cheapest CAPTCHA bypass service — Death by Captcha
A hybrid system composed of the most advanced OCR system on the market, along with a 24/7 team of CAPTCHA solvers.
An average response time of 15
Captcha Solver for Ikariam
Captcha Sniper
recaptcha
Gsa Captcha Breaker
Auto Captcha Solver Software
I need some kind of captcha solver, ASAP. :P
The 3rd party captcha fees are killing me and seriously limiting my campaigns.
-------------------------------------------------------------------------------------
I have these in my archive :
YahooCAPTCHARecognition.rar
Captch Sniper v1.2.exe
Captcha Sniper Users Guide.pdf
by johnk
Monday, Apr. 21, 2014 at 5:51 AM
The point of the math question was to discourage robotic post programs. It did that.
It didn't discourage human spammers, but there were fewer of them.
As for json - yes, there are issues with it, but the safety comes from using a safe decoder. The risk of displaying bad code exists, though. If the HTML code contains something like an iframe or img, maybe that's a risk there.
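An added example, not part of the original thread and not the site's own code: a minimal client-side path for the JSON dump described in the first post, using a safe decoder and treating article fields as untrusted text as the last reply suggests. The field names `heading` and `article` and the sample dump are assumptions; the page does not show the real keys.

```javascript
// Added example. The keys "heading" and "article" are hypothetical: the page
// does not show the real field names of the dump.

// Article URL -> JSON URL: same URL with the trailing "php" replaced by "json".
function jsonUrlFor(articleUrl) {
  const u = new URL(articleUrl);
  if (!/\.php$/.test(u.pathname)) throw new Error("not an article URL: " + articleUrl);
  u.pathname = u.pathname.replace(/\.php$/, ".json");
  return u.toString();
}

// "Safe decoder": JSON.parse only builds data and throws SyntaxError on anything
// that is not strict JSON. eval() or new Function() would execute the payload.
function decodeArticle(text) {
  const data = JSON.parse(text);
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new TypeError("expected a JSON object");
  }
  return data;
}

// Treat every field as untrusted text: escaped markup is displayed, not
// interpreted, so an embedded iframe or img never loads.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

function renderArticle(data) {
  return "<h1>" + escapeHtml(data.heading) + "</h1>\n<p>" + escapeHtml(data.article) + "</p>";
}

// Constructed sample dump (not real site data).
const SAMPLE = JSON.stringify({
  heading: "Test <b>post</b>",
  article: 'Hello <img src="http://tracker.invalid/p.gif"> <iframe src="http://frame.invalid/"></iframe>',
});

console.log(jsonUrlFor("http://la.indymedia.org/news/2013/03/258838.php"));
console.log(renderArticle(decodeArticle(SAMPLE)));
```

In a browser client, assigning each field to an element's `textContent` gives the same result as `escapeHtml` without building markup strings.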