[WEB SECURITY] code review techniques for when you don't trust your developers or testers

travis+ml-webappsec at subspacefield.org
Wed Aug 19 17:53:08 EDT 2009


On Sat, Aug 15, 2009 at 11:51:11PM -0500, Bil Corry wrote:
> 	Hidden Code Costs Poker Players Thousands
> 	http://catless.ncl.ac.uk/Risks/25.20.html#subj3

If this is the same exploit I recall, what happened was that if the
dealer had an Ace as his hole card, there was a slight delay before it
offered you insurance.  So this was a web app timing attack.
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
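
The timing leak described in the message above, as an added example that is not part of the original post: a handler whose latency depends on a hidden card, a version that does the same work on every path, and a regression check that compares the two. The handler names, step names and millisecond costs are hypothetical, and latency is simulated with a seeded random generator so the result is repeatable.

```python
import random
import statistics

# Constructed cost model (ms) for the steps of a hypothetical insurance-offer handler.
STEP_MS = {"check_hole_card_path": 40.0, "render_offer": 10.0}

def offer_leaky(hole_is_ace, spend):
    # Extra work only on the secret-dependent branch: the "slight delay".
    if hole_is_ace:
        spend("check_hole_card_path")
    spend("render_offer")
    return "Insurance?"

def offer_uniform(hole_is_ace, spend):
    # Same steps on every path, so latency no longer depends on the hidden card.
    spend("check_hole_card_path")
    spend("render_offer")
    return "Insurance?"

def measure(handler, hole_is_ace, rng):
    """Simulated latency of one request: step costs plus 0-5 ms of jitter."""
    elapsed = [rng.uniform(0.0, 5.0)]
    handler(hole_is_ace, lambda step: elapsed.append(STEP_MS[step]))
    return sum(elapsed)

def latency_gap(handler, trials=200, seed=1):
    """Mean latency difference (ms) between secret=Ace and secret=other requests."""
    rng = random.Random(seed)
    ace = [measure(handler, True, rng) for _ in range(trials)]
    other = [measure(handler, False, rng) for _ in range(trials)]
    return statistics.mean(ace) - statistics.mean(other)

def leaks_secret(handler, threshold_ms=2.0):
    """Regression check: True when hidden state shifts the response time."""
    return abs(latency_gap(handler)) > threshold_ms

if __name__ == "__main__":
    for h in (offer_leaky, offer_uniform):
        print(h.__name__, round(latency_gap(h), 1), leaks_secret(h))
```

Both handlers return an identical response body, which is why reviewing output alone misses this class of bug. To run the check against a real application, replace `measure` with wall-clock timing on a staging instance where the test controls the hidden card.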