Posts Tagged ‘javascript’

IE6 effect in HTML5 – How It Works [updated]

Thursday, October 7th, 2010
ie6 html effect

Quick update: Thanks for the endorsement Mr. doob! I’m honored :)

Here is a web site with a cool Javascript effect by Mr. doob, recently posted on HN & Reddit. I’m trying to get better at my Javascript so here’s my dissection of this interesting effect, if you’re interested in learning how this is done.

First, create a HTML 5 canvas element (highly recommended short read about canvas here). Make its width and height the same size as window.innerWidth and window.innerHeight so that it fills up the content area of the browser window. Append the canvas element to the document body.

var canvas = document.createElement( 'canvas' );
canvas.width = window.innerWidth;
canvas.height = window.innerHeight;
canvas.style.display = 'block';
document.body.appendChild( canvas );

As of now, there’s only a 2D context to pick from. In future, there might be a 3D context based on OpenGL ES (quote). So just get the context with getContext, and then create the image element.

var context = canvas.getContext( '2d' );
var image = document.createElement( 'img' );

Now let’s add an event handler to the image for when the image loads. ‘this’ refers to the image element itself. bitmapWidthHalf and bitmapHeightHalf is exactly what it means: half the length of the image’s width and height respectively. Math.floor is used to round the result of the division down to the nearest integer.
(more…)

Tags: , , ,
Posted in coding, javascript, python | 2 Comments »

JavaScripherTution in{j|f}ection

Monday, June 16th, 2008

This is a cross-post from my company‘s blog that I posted today.

The injection of malicious <script src="malicious.js"> JavaScript tags on a massive scale into everyday popular and reputable Web sites, commonly visited by the casual surfer at home (and at work), has been the trend. Today, as my team and I here at Security Labs made our routine rounds around the block to spy on what the bad guys are up to next, we discovered a somewhat weak but interesting piece of malicious code, whose techniques date back to the early days of encryption – the substitution cipher.

Wikipedia has a good introduction on this topic:

In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

Doing a character for character substitution, using a keyword of “MALCODE“, we get:

Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: MALCODEHIJKFBNGPQRSTUVWXYZ

Using that mapping, we can encrypt a message from a hypothetical botnet master to his/her herd of bots from this:

LAUNCH THE DDOS ATTACK NOW

to this:

FMUNLH THO CCGS MTTMLK NGW

It’s a very trivial algorithm, and extremely weak in terms of the protection it provides (by today’s standards), but it is definitely good enough to conceal the true message from casual prying eyes. This was certainly as good as bulletproof during the days of Julius Caesar (wow, we’ve come a long way!).
(more…)

Tags: , , , ,
Posted in security research, technology, websense | No Comments »