[Noisebridge-discuss] Rubin is hawt.

Tom Longson (nym) tomlong at gmail.com
Tue Nov 3 02:00:29 UTC 2009


So it appears as if they actually have most of their bases covered.
They appear to be using cookies, and looking at IPs. They require a JS
include, and have a lot of what are probably IP specific variables in
that include. They write out the form to the DOM, and even the submit
is done via a JS function ( PDF_a2176834(0); for me ).

One technique could be to write another JS script that identifies the
radio button that is next to the text "Rubin", marks it as selected,
then fires the click handler for the submit button. The guy behind
del.icio.us did a similar attack on a poll site using del.icio.us at
one point, essentially sending all his visitors as unaware ballot
stuffers, each with their own unique IP.

Not that I'm encouraging ballot stuffing, just interesting stuff.

Cheers,
Tom Longson (nym)
------------------------------
http://tomlongson.com




On Mon, Nov 2, 2009 at 5:44 PM, Tom Longson (nym) <tomlong at gmail.com> wrote:
>
> Haven't had time to research this further, but here's a link about a PollDaddy exploit:
> http://www.hackerslane.com/2009/polldaddy-polls-unlimited-voting-exploit/
> Cheers,
> Tom Longson (nym)
> ------------------------------
> http://tomlongson.com
>
>
>
>
> On Mon, Nov 2, 2009 at 5:30 PM, Rachel McConnell <rachel at xtreme.com> wrote:
>>
>> I'm lazy.  Where's the stuffing script?
>>
>> Nicole Aptekar wrote:
>> > Rubin simply must win. 42% of all votes isn't nearly the lead he should
>> > have. If he's not at 90% by the end of the day, something's seriously
>> > wrong. Go vote!
>> >
>> > On Mon, Nov 2, 2009 at 17:22, Tom Longson (nym) <tomlong at gmail.com> wrote:
>> >
>> >     > You know what to do.
>> >
>> >     Call Leif?
>> >
>> >
>> >
>> >     On Mon, Nov 2, 2009 at 5:17 PM, esc <mediapathic at gmail.com> wrote:
>> >
>> >         Some of you may know Rubin.
>> >         Some of you may have heard of zivity.
>> >
>> >         http://blog.zivity.com/2009/11/02/zivity-dude-2009-time-to-vote/
>> >
>> >         You know what to do.
>> >
>> >         --steen
>> >         _______________________________________________
>> >         Noisebridge-discuss mailing list
>> >         Noisebridge-discuss at lists.noisebridge.net
>> >         <mailto:Noisebridge-discuss at lists.noisebridge.net>
>> >         https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >
>


