Okay, your post deserves a thorough response and probably a few
updates to our issue tracker, but it is way past my bed-time and I'm
just going to fire off what comes to mind.

On Sun, Jul 25, 2010 at 11:01 PM, Chris Palmer ch...@noncombatant.org wrote:
Did you/he try to create a file that loads

Zooko O'Whielacronx writes:
Okay, your post deserves a thorough response and probably a few updates to
our issue tracker, but it is way past my bed-time and I'm just going to
fire off what comes to mind.

Fair enough; I did my bug-hunting in the same spirit. :)
Did you/he try to create a

The unguessable caps make the attack payload trickier than the usual
trivial-pwnage payload, but not impossible.

Yeah, it means that the attacker cannot acquire authority (the ability
to read or write a tahoe file) by merely guessing at a URL: they have to
steal one from a tab which already

Wade Simmons told me that he spent several hours trying to exploit
Tahoe-LAFS in order to create and win the Fourth I Hacked
Tahoe-LAFS! T-Shirt, but that he couldn't figure out how to do it.
I work with Wade at SimpleGeo and I have a high opinion of his
engineering skill.
He explored what

Zooko O'Whielacronx writes:
I had thought, based on what a few web security experts had told me,
that it would be easy for the attacker to take advantage of this
situation, but Wade reported that he was unable to do it. He was using
Safari 5 for testing.

Did you/he try to create a file that