IRC log for #virtualJUG, 2016-08-25

virtualjug.com

All times shown according to UTC.

Time S Nick Message
03:15 jeremyheiler joined #virtualJUG
03:55 edburns joined #virtualJUG
09:08 radcortez joined #virtualJUG
11:57 millrossjez joined #virtualJUG
12:21 philbot joined #virtualJUG
12:21 Topic for #virtualJUG is now Welcome to the Virtual JUG - http://virtualJUG.com. IRC logs can be found here -> http://irclog.greptilian.com/virtualJUG/today
13:50 millrossjez joined #virtualJUG
14:17 adidas joined #virtualJUG
15:22 imke joined #virtualJUG
15:32 Catman joined #virtualJUG
15:35 Guest21101 joined #virtualJUG
15:38 Guest21101 joined #virtualJUG
15:40 bolynyk joined #virtualJUG
15:41 Guest21101 joined #virtualJUG
15:47 imke joined #virtualJUG
15:49 thanuja joined #virtualJUG
15:50 radcortez joined #virtualJUG
15:51 Abhijith joined #virtualJUG
15:51 rawhide58 joined #virtualJUG
15:55 Geoff-MGC joined #virtualJUG
15:55 rav121 joined #virtualJUG
15:55 zeeshan joined #virtualJUG
15:56 Sammy joined #virtualJUG
15:57 geoL joined #virtualJUG
15:58 radcortez hi guys
15:58 radcortez we will start soon
15:59 zeeshan thanks
15:59 HarryM joined #virtualJUG
16:00 JMan joined #virtualJUG
16:00 Jitendra joined #virtualJUG
16:01 Arvind joined #virtualJUG
16:01 kaps joined #virtualJUG
16:01 RSH joined #virtualJUG
16:01 MaryG joined #virtualJUG
16:02 Trump joined #virtualJUG
16:02 Abhijith joined #virtualJUG
16:02 trsumit joined #virtualJUG
16:03 mselender joined #virtualJUG
16:03 imke joined #virtualJUG
16:03 aprorok joined #virtualJUG
16:03 MaryG joined #virtualJUG
16:03 jormen joined #virtualJUG
16:03 alfasin joined #virtualJUG
16:03 faridadhami joined #virtualJUG
16:03 arw537 joined #virtualJUG
16:04 radcortez we are live :)
16:04 ven joined #virtualJUG
16:04 tmfjr joined #virtualJUG
16:05 goutham joined #virtualJUG
16:05 tmfjr joined #virtualJUG
16:05 erickjvallejo joined #virtualJUG
16:06 ehsanullahjan joined #virtualJUG
16:07 Jitendra joined #virtualJUG
16:07 imke joined #virtualJUG
16:07 bertp joined #virtualJUG
16:07 jor__ joined #virtualJUG
16:09 JayJJ joined #virtualJUG
16:10 mrgrew joined #virtualJUG
16:12 radcortez Link: https://t.co/eNPPuZrDbx
16:12 radcortez for 1st Demo
16:12 arw357 joined #virtualJUG
16:13 nabilov joined #virtualJUG
16:13 pathfinder2104 joined #virtualJUG
16:15 stalp joined #virtualJUG
16:16 Pranav joined #virtualJUG
16:17 radcortez we are big hackers :)
16:20 radcortez Link for the 2nd demo: https://t.co/7OG0oSoVrO
16:21 pathfinder2104 (y)
16:22 pdurbin I was having deja vu about this talk until I realized we only heard half of it last time: http://irclog.greptilian.com/virtualJUG/2014-11-26 :)
16:23 radcortez :)
16:23 Geoff-MGC You got me!
16:23 pathfinder2104 :)
16:23 Prince joined #virtualJUG
16:25 radcortez jack? are you around? :)
16:25 pathfinder2104 Captain Jack Sparrow got caught :)
16:25 Geoff-MGC I'm gbabb
16:25 goutham yeah..
16:26 goutham I just spoofed my name :|
16:26 abnair2016 joined #virtualJUG
16:26 iosif joined #virtualJUG
16:26 Geoff-MGC Thanks...
16:26 alfasin Can you hijack the IRC session ? :P
16:27 abcdescu joined #virtualJUG
16:28 prabin joined #virtualJUG
16:29 goutham How does google chrome manage cookies ? I mean the sessionID isn't read from cookie if I use an incognito window
16:30 riccardo joined #virtualJUG
16:30 radcortez I don't think we have a demo to IRC :)
16:30 radcortez or to hijack IRC
16:31 radcortez goutham I'll ask it
16:32 goutham Hey Thanks...
16:34 radcortez let patrycja get back to the browser
16:37 stickynote joined #virtualJUG
16:38 radcortez Demo 3 Link: https://t.co/ItiVrLHAbJ
16:39 Raju joined #virtualJUG
16:39 pdurbin sounds like she'll try to hack IRC next time! nice! :)
16:40 tonyhefhjdgsffd joined #virtualJUG
16:40 radcortez :)
16:40 Sathish joined #virtualJUG
16:40 prabin I see mine
16:41 radcortez cool :)
16:42 arw357 joined #virtualJUG
16:47 Guest21266 What was the "new Image().src=" for in the malicious script?
16:47 radcortez it was a trick to bypass the server security that doesn't allow to call stuff from other hostnames
16:48 radcortez but I'll ask patrycja for more details
16:49 kaps joined #virtualJUG
16:50 Catman joined #virtualJUG
16:51 Guest21266 thanks for asking the question.. it's clear now
16:52 ntanis joined #virtualJUG
16:54 Guest60721 joined #virtualJUG
16:54 ehsanullahjan An amazing book on security -- Iron-Clad Java: https://www.amazon.com/Iron-Clad-Java-Building-Secure-Applications/dp/0071835881/ref=sr_1_1?ie=UTF8&qid=1472144036&sr=8-1&keywords=iron-clad+java
16:55 arw357 i guess phones gotta keep on ringing
16:57 radcortez ;)
16:58 radcortez thank you for the link ehsanullahjan :)
16:58 goutham If the user logs on doesn't the server create a new session for that user ?
17:00 radcortez sec
17:00 radcortez I'll ask
17:00 Guest60721 joined #virtualJUG
17:00 radcortez btw guys send in questions if you want we are about to get into QA
17:03 Guest60721 joined #virtualJUG
17:05 Guest60721 joined #virtualJUG
17:05 goutham Learnt a new point : A session can be initialized for the user even before logging into the application
17:05 goutham Thanks for answering
17:05 radcortez :)
17:06 trsumit Is it a good idea for session migration from anonymous user to authenticated user in case of ecommerce application which has shopping cart functionality and only at time of payment user is logged in
17:07 pdurbin if Java EE doesn't support fingerprinting, which framework does?
17:08 goutham I still don't get fingerprinting exactly. I mean we can definitely sniff the headers from a request and then manually check them ourselves as a part of application logic...?
17:09 radcortez yes we can
17:09 radcortez the idea is that you check them out with other requests from the same user and try to figure out if something changed
17:09 alfasin joined #virtualJUG
17:09 Guest60721 joined #virtualJUG
17:10 radcortez demo4 : https://t.co/V2Q0SkZM0b
17:11 radcortez attack: https://t.co/USxbX2nhSA
17:12 radcortez pdurbin I'll ask
17:13 Guest60721 joined #virtualJUG
17:16 goutham Can we access the source code ?
17:16 jor__ left #virtualJUG
17:17 Guest60721 joined #virtualJUG
17:17 stalp left #virtualJUG
17:19 smoyer joined #virtualJUG
17:19 goutham Ok,, thanks a lot ..
17:19 pdurbin radcortez: thanks!
17:19 bertp thanks
17:20 pdurbin sounds like Spring Security has a lot of these features but it may not be wise to use it in conjunction with Java EE
17:20 arw357 thank you , it was really interesting
17:20 goutham Thanks a lot for the insightful talk ..
17:20 radcortez my pleasure guys
17:20 zeeshan left #virtualJUG
17:20 radcortez hope everyone enjoyed it
17:21 Patrycja joined #virtualJUG
17:21 pdurbin good stuff. I'm glad slides etc will be posted after JavaOne
17:21 Guest60721 joined #virtualJUG
17:22 radcortez yes, follow Patrycja on twitter: @yonlabs and you will get the link :)
17:23 ntanis left #virtualJUG
17:25 Guest60721 joined #virtualJUG
17:26 chuck-d joined #virtualJUG
17:26 mselender joined #virtualJUG
17:28 Guest60721 joined #virtualJUG
17:32 millrossjez joined #virtualJUG
17:32 millrossjez joined #virtualJUG
17:45 smoyer joined #virtualJUG
17:45 mselender joined #virtualJUG
17:53 faridadhami joined #virtualJUG
17:54 millrossjez joined #virtualJUG
20:39 patrycja joined #virtualJUG
