Archive for April 2009
With my Javascript preprocessor project due in in less than two weeks, and now (mostly) all written and working pretty well I have JUST figured out a FAR better way to do the whole project. This is highly irritating to say the least, and now I have to find a way to justify why I didn’t do it that way in the first place without saying “I didn’t think of it”.
This new version allows full C-like text replacement and pre-processing, as well as totally custom symbols like “#define”, when “#” isn’t even a valid Javascript character:
#define VALUE (42)
alert(VALUE);
#define LOOP for (var i = 0; i < 10; i++)
LOOP
{
alert(i);
}
Anyone who knows Javascript can tell you that what I just posted is not valid, and if you don’t know it then take my word on it. However it IS valid yavascript and can be run in any modern browser (or should be able to, I’ve only tested in FF3 and IE6) with no modification at all!
Over the last few weeks the website Twitter has been the victim of a number of XSS attacks, responsibility for which have been claimed by a young hacker from Brooklyn called Michael “Mikeyy” Mooney. As a result of these hacks he has been offered a web development and security analysis job with a company called exqSoft (see The Register). All this would imply he’s quite good at what he does, he has stated that the Twitter attacks were done out of boredom, however it seems that his time may have been better spent attacking his own site. At least one of the attack worms were designed to advertise his website, stalkdaily.com, a twitter clone he claims is better. Given his attacks on Twitter I decided to have a look and see just how secure his site was. In short the answer is not very…
