- Many (most) routers use UPnP for configuration, which uses SOAP over HTTP.
- UPnP has an autodiscovery phase that involves non-HTTP packets, but you can guess a router's IP anyway, and you don't need autodiscovery to run commands.
- Flash lets you set arbitrary HTTP headers and POST to arbitrary hosts. This is standard XSRF -- the POSTing could be done with DHTML, so Flash is only needed to set the SOAP header.
- Therefore, malicious Flash can run port-opening commands on your router.
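
Seen from the router's side, the chain above works because the control endpoint acts on any POST that carries the SOAP header. The sketch below is an added example, not code from this post or from any router firmware: it refuses SOAP control requests that carry browser markers. The header heuristics, the `/control` path, the placeholder action name and the sample requests are assumptions constructed for illustration, and a request that carries none of the markers still passes.

```python
# Added example (not from the original post): a gate a UPnP control endpoint
# could apply before acting on a SOAP request. Header heuristics are assumptions.
BROWSER_MARKERS = ("origin", "referer", "cookie")

def parse_head(raw: bytes):
    """Split a raw HTTP request into (method, headers) with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), headers

def soap_control_verdict(raw: bytes):
    """Return (allow, reason) for one request to the control URL."""
    try:
        method, headers = parse_head(raw)
    except ValueError as exc:
        return False, str(exc)
    if method != "POST" or "soapaction" not in headers:
        return True, "not a SOAP control request"
    for name in BROWSER_MARKERS:
        if name in headers:
            return False, f"browser header present: {name}"
    if headers.get("user-agent", "").startswith("Mozilla/"):
        return False, "browser User-Agent on SOAP request"
    return True, "no browser markers"

# Constructed sample requests (placeholder action name, documentation-range hosts).
SOAP = b'SOAPAction: "urn:example:service:Placeholder:1#SomeAction"\r\n'
NATIVE = (b"POST /control HTTP/1.1\r\nHost: 192.0.2.1\r\n" + SOAP +
          b"User-Agent: ExampleOS/1.0 UPnP/1.0 ExampleClient/1.0\r\n\r\n<s/>")
FROM_PAGE = (b"POST /control HTTP/1.1\r\nHost: 192.0.2.1\r\n" + SOAP +
             b"Referer: http://site.example/movie.swf\r\n"
             b"User-Agent: Mozilla/5.0 (constructed)\r\n\r\n<s/>")

if __name__ == "__main__":
    for label, req in (("native", NATIVE), ("from page", FROM_PAGE)):
        print(label, soap_control_verdict(req))
```
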