Admin
Yay! Badged unlist before in 4!
Admin
:no_entry_sign: :badger:
:-P
Admin
@boomzilla, @PJH, @abarker, @Yamikuronue, @aliceif
The ERV is cute.
Admin
My first time posting before unlist!
Admin
Seems their obfunscation worked, the cutesy in this script is over 9000!
Admin
Just, wow...
Admin
I don't know whether to be appalled, impressed, or some wretched conglomeration of the two.
Admin
so...... no one is going to tell them that eventually a XMLHttpRequest is going to have to be constructed to get the video and that needs the unobfuscated URL? or that any decent browser's development tools are going to track URLs and their requests allowing you to find the direct link to the resource you want.....?
Admin
Why would you want to tell them anything? Why ruin all the fun?
Admin
(╯°□°)╯︵ ┻━┻
Admin
Some people have too much time on their hands.
Admin
Is that JavaScript code, or a badly-formatted list of text emoji?
Admin
Didn't someone post that, or something similar to that, in the article comments for the previous JS abomination?
Admin
QFT. Another pointless exercise in "security."
Admin
Yes.
Admin
RTFA
Admin
APL?
Admin
Here you go:
https://what.thedailywtf.com/t/bidding-on-security/54755/24?u=ixvedeusi
The code in TFA is quite a bit longer but has the same beginning and end, so I'd suppose it's been generated with the same "tool" linked in that post.
Admin
There was no link, I didn't remember the name, and searching is work I didn't have to do since now someone else did :trolleybus:
Admin
My frist reaction on seeing this was "Interesting I didn't know there was an APL browser plugin"
Admin
Front-End developers' lack of knowledge about the wider world of computers & networking should never surprise. I mean, we have people who have made careers out of doing everything on port 80. And I mean everything.
Admin
.... how would someone excrete through port 80..... wait, no. i decided i'd rather not know the answer to that one.
Admin
Well, first, you need a WSDL file.
I'm imagining some attributes relating to the Bristol Stool Scale.
Admin
It doesn't work. I am sure you have posted a few from my project and I have a fairly good idea who submitted it :D.
Admin
Yeah, same for me
Admin
I've seen lots of excrement passing through port 80...
Admin
One can decode it with:
http://cat-in-136.github.io/2010/12/aadecode-decode-encoded-as-aaencode.html
Admin
https://ooze.ninja/javascript/poisonjs/ also works.
FWIW, deobfuscated with the "secret" string: window.vr='https://openload.co/stream/0A7tR46pxvA~1457207699~83.248.0.0~icQhbWiO?mime=true';window.vt='video/mp4';
Admin
I think it's mainly about googleability by people not familiar with this site.
Admin
Makes me wish for a DEPOSIT verb…
Admin
Then scammers would also ask for WITHDRAW and then where would it end?
Admin
Apparently they have never heard of this thing called Wireshark. If someone wants the video bad enough, you can't prevent them from getting it. As Raymond Chen once said (paraphrasing) "they could use the camera on a cell phone" - in this case to record from the screen.
Admin
Back in the day I "downloaded" many a video by using opera:cache in my browser. It was actually pretty easy to find any cached file and copy it wherever you wanted.
Admin
I have written APL code more cryptic than this. But usually more compact. This looks like it could be Facebook written in APL.
Admin
See, all you computer people refusing to see the easy solution.
Admin
Yikes.
And here I thought that that JsF* thing was merely a (bad) joke cooked up on a Friday afternoon after sharing a crate of beer with some fellow nerds.....
That someone would actually use it for something in production is beyond me!
Admin
:wink:
Admin
It's even more basic than that: if you want someone to run a program or view some content on their machine, you have to give them the data and whatever keys are necessary to unlock the data. You can't hide anything from the machine running it/showing it, or it won't be able to run/show it.
Since you don't control the machine, you can't control that they don't access the de-obfuscated/un-encrypted/unlocked content. You can add hoops to jump through, but ultimately it only takes one person bothering to crack your protection for everyone to have access.
Admin
Well, I can pretty much guarantee that Randall used something rather less insane and rather more secure to obscure the location of all the 1190 image files. (If you have to ask, you're not an OTTer)
Admin
MOTHER OF GOD! [image]
Admin
Unless they're using SSL/TLS, then you'll have to resort to man-in-the-middle.
Admin
They'll just cause the server to scrape the video and stream it down to the browser.
Admin
Then people can start wearing clothes that will cause them to be invisible on security camera footage. (cf. Ghost In The Shell) Let the fun begin.
Admin
Then people will make security cameras exempt from the “must not record” rules.
Then people will use security cameras to record copyrighted content.
:popcorn:
Admin
Actually, they'll require a backdoor in the watermark. Wouldn't want the hackers to have to work too hard.
Admin
Am I the only one so immature that I saw Remy's "feelings on this" down the bottom as a pair of bewbs? I would want to feel some of those too, if I had to work with that.