Hacker News | geovedi's comments

o'rly? i thought he lives forever.


good! now i can start filtering #4sq and random twitter quizzes.


Cool. Hiding checkins is a very popular use case.


congrats, but now the padmapper site is inaccessible. ;-)


http://padmapper.com was entirely built by one man, Eric DeMenthon. He must be dealing with the new wave of traffic after Ashton Kutcher posted the link to my video. Wish him luck, he has done a hell of a hacking job to put that site together.


It's back on again. The developer is pretty responsive on twitter: http://twitter.com/#!/padmapper


Should be back up, sorry about that!


it's possible. iff the target sites are stupid enough by not doing proper input validation and/or origin check.


What is meant by "target" sites?

Do you mean a site that uses a third party authentication?

If we need every website out there to code security checks for these third party systems, I doubt we can rely on that.


So how do these third party authentication systems protect against this pretty straightforward javascript way of circumventing the authentication? Anyone know?


maybe you can. if you outsource the development and both parties agreed in the contract--to maintain certain level of software reliability/security.


If full name is not really important, i suggest to ignore it.

Username / Password / Email


One step further is to make email as the username. This removes a field from the form and also improves the chances that the email given is really used.


And some sites just use Email instead of Username :)


Please stop wasting your precious time.

yep, i'm senselessly stuck in bad job situation. lol

