Timing Attack

A timing attack is essentially using statistics and a large number of requests to determine certain pieces of information by brute force. For example, let's say you want to break into somebody else's account on Example.com. Example.com happens to be susceptible to timing attacks, and we're going to abuse it.

The Attack Vector

Let's say the internal string compare method of whatever language Example.com is using does a "short circuit compare" when comparing strings. Maybe the code looks something like this:

def is_equal(source, dest):

Setup

  1. Put poll.php somewhere on your server
  2. Include poll.js on your web page, anywhere after jQuery. Update the poll interval if you want, and update the URL on line 18 to point to your poll.php file.

Viewers

Viewers will start polling every 500ms (the default I set in poll.js) for updates. If an update is found, the page will refresh.

Admin

Admins can make a request to poll.js directly from their browser (weebcrew.com/poll.php, if that was the path). They need to pass a GET parameter that matches the password defined in the file. If it matches, it will trigger an update to the timestamp file (the filename is defined in poll.php and can be changed to anything). A request with the password would look like http://weebcrew.com/poll.php?password=YOUR_PASS_HERE. When users of the site start polling, they'll get this file and compare it to their LOAD_TIME. If the file has an updated time from after they loaded the page, it will trigger a refresh.

@mtrpcic
mtrpcic / FO.rb
Last active August 29, 2015 13:57
# I'm trying to convert a form I'm using over to use "Form Objects". I created a base
# object that all my forms can inherit from:
class FormObject
  include Virtus.model
  extend ActiveModel::Naming
  include ActiveModel::Validations
  include ActiveModel::Conversion

  def initialize(attributes = {})

var UsersController = {
  "index": function(){
  },
  "show": function(){
  },
  "new": function(){
  }
};

var routes = {
  "/users": function(){},
  "/users/:id": function(){},
  "/pages": function(){}
};
// Register each route path with its handler
for (var key in routes) {
  Path.map(key).to(routes[key]);
}

1. Use a ruby version
   rvm use 1.9.2-p248
2. Create a gemset
   rvm gemset create myapp
3. In the root of your app, add a file named ".rvmrc" with the following contents:

function handler(animate){
  return function(path){
    get_page(path, animate);
  }
}

Sales Zen Javascript
--------------------
Client-Side Routing
Client-Side Models
Client-Side Views (EJS)
Widget System
Standardized Resource Pulling (No more $.ajax!)
jQuery, Twitter Bootstrap, jQuery UI