Links!, Feb 6 Edition
-
No More Root: Little bug in Safari and Google Chrome
Nice trick for stealing URL-based session IDs or CSRF tokens: Put a webapp URL in a CSS
<link> tag, and then just use JS to wait a second or two and read document.styleSheets[0].href. Tada.
-
An interesting look at some of the politics behind the latest version of the Unicode standard:
Unicode 6.0 includes some of the most controversial additions to the standard for a long time. In particular, the addition of a large set of characters corresponding to Japanese Emoji 絵文字 used on mobile phones has been the cause of much heated debate…
-
Igor Ostrovsky: Gallery of Processor Cache Effects
In this blog post, I will use code samples to illustrate various aspects of how caches work, and what is the impact on the performance of real-world programs.
A short article discussing the effects of processor caches. Includes some very nice graphs.
-
NYTimes: In China Underworld, Hacking for Fun and Profit
Short profile of a hacker in China:
Majia, a soft-spoken college graduate in his early 20s, is a cyberthief. He operates secretly and illegally, as part of a community of hackers who exploit flaws in computer software to break into Web sites, steal valuable data and sell it for a profit.
-
McAfee Labs Blog: Hackers Disrupt European CO₂ Market
In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period.
Short article discussing recent attacks on the European carbon trading market. Interestingly, one of the vectors seems to be VAT arbitrage: attackers buy and then resell carbon credits, collecting VAT on the sale but never paying VAT on the purchase. Similar to affiliate marketing fraud.
The close of the article — “OMG APT!” — is pretty tedious, though. I suspect we’re going to see a lot of this FUD in the near future.
-
NYTimes: Intelligence Chief Says Cyberattack Threat Is Growing
A cyber article from the cyber NYT about how “malicious cyber activity” cyber threatens our cyber nation. Apparently, the cyber risk of a cyber Pearl Harbor has never cyber been cyber bigger.
