Comments on Kick me in the nuts: Red Listing
Jon Scott Stevens
Updated: 2008-06-26T08:54:29.352-07:00

Jon Scott Stevens (2008-06-26T08:54:00.000-07:00):
a) why wow? it makes sense to me to not want to impact sales. =) we require cookies to be enabled though. i wish we didn't, but in order to implement our cross domain single signon system (SSO), we had to do it. we display a nice "we require cookies page" similar to the one that gmail displays.

b) I'll make another posting at a later date about how I already tried making it more expensive for them and they (within a day) worked around it. Sure, it wasn't as expensive as firing up rhino, but it required parsing the html. Executing the javascript in rhino is just the next step for them. Not a big deal if you are a hacker and know what you are doing.

jergendutch (2008-06-25T23:47:00.000-07:00):
a) Wow.
b) Yet the attack would be made more expensive for them.

Jon Scott Stevens (2008-06-25T09:02:00.000-07:00):
a) we don't require javascript for login (or our sites). that might have an impact on sales.
b) all spammers need to do is use Rhino (or another javascript engine) to get past that check.

jergendutch (2008-06-25T07:20:00.000-07:00):
If your website requires JavaScript you could use something similar to WordPress HashCash:
http://wordpress.org/extend/plugins/wp-hashcash/