[Noisebridge-discuss] Rubin is hawt.
Tom Longson (nym)
tomlong at gmail.com
Tue Nov 3 02:25:50 UTC 2009
Yeah, if you could get a script into the comments, that would be
great, but also much easier to detect. If you have a ton of votes
coming from another site (like del.icio.us), the pollsters can't tell
where it's coming from, and have to assume they're legitimate.
nym
On Mon, Nov 2, 2009 at 6:23 PM, Micah Lee <micahflee at gmail.com> wrote:
>> One technique could be to write another JS script that identifies the
>> radio button that is next to the text "Rubin", mark it as selected,
>> then fire the click handler for the submit button. The guy behind
>> del.icio.us did a similar attack on a poll site using del.icio.us at
>> one point, essentially sending all his visitors as unaware ballot
>> stuffers, each with their own unique IP.
>
>
> But you'd need to find a cross site scripting vulnerability somewhere on
> that page to make this code run for everyone who goes there, right? Also,
> everyone who goes there wouldn't be able to vote, because they already voted
> for Rubin. Hawt.
>
> Micah
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
More information about the Noisebridge-discuss
mailing list