Skellywag

Sunday, September 14, 2008

Eco-tastic Turnips

Shiatsu, odd-vegetable competition, bmx-ing, and lentil-fuelled carbon-neutral farting for world peace.
All part of the new Brixton Transition Town thingy. Just remember to get that combined tetanus-HIV jab when pulling those spuds from the soil behind the lock-ups, kids!


Friday, September 12, 2008

Large Hadron Collider

Well, the world did not end when the Large Hadron Collider was switched on the other day. There are now two webcams set up at CERN so you can see what's happening inside the giant torus.


Monday, September 01, 2008

Verified by Visa is totally broken

My bank uses Visa credit cards. Visa has just rolled out a new "Verified by Visa" (VFV) system, which is supposed to be more secure.

In fact, VFV relies on XSS, random, unrecognisable third-party sites, and a generally woeful user experience which completely goes against security best practice.

There is background here: The 'Verified by Visa' fiasco ... courtesy of ANZ

In my case, thank fuck I was using Firefox with NoScript, for just look what it detected:

[NoScript XSS] Sanitised suspicious upload to [https://secure5.arcot.com/acspage/cap?RID=1234&VAA=B] from [https://select.worldpay.com/wcc/card]: transformed into a download-only GET request

What the hell is "arcot.com"? Why is at least WorldPay not processing this? Who authorised some random third-party site to access my credit card AND bank-specific security questions? And why the FUCK does it all rely on dodgy cross-site scripting to work?!?

All extremely shoddy, and designed to vapourize human confidence in online shopping. Well done Visa, you utter fuckwits.