Bitcoin Forum
961  Bitcoin / Development & Technical Discussion / Trying to run DiabloMiner on beaglebone(java runtime error) on: June 19, 2012, 10:24:53 PM
I tried to run DiabloMiner on BeagleBone and it gave me the following errors:
Quote
Exception in thread "main" java.lang.InternalError: Can't connect to X11 window server using '' as the value of the DISPLAY variable.
   at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
   at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:62)
   at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:178)
   at java.security.AccessController.doPrivileged(Native Method)
   at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:142)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:186)
   at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
   at sun.awt.X11.XToolkit.<clinit>(XToolkit.java:112)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:186)
   at java.awt.Toolkit$2.run(Toolkit.java:849)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:841)
   at org.lwjgl.LinuxSysImplementation.<clinit>(LinuxSysImplementation.java:50)
   at org.lwjgl.Sys.createImplementation(Sys.java:126)
   at org.lwjgl.Sys.<clinit>(Sys.java:111)
   at org.lwjgl.opencl.CL.<clinit>(CL.java:52)
   at com.diablominer.DiabloMiner.DiabloMiner.execute(DiabloMiner.java:540)
   at com.diablominer.DiabloMiner.DiabloMiner.main(DiabloMiner.java:137)


I'm guessing it can't find the screen (which there isn't one) and thus can't find the OpenGL chip on board and just stops right then and there?
962  Bitcoin / Bitcoin Technical Support / Re: Encrypted cookie signs GET requests through HTTP to avoid XSRF on: June 19, 2012, 08:56:53 PM
As a common and practical practice, destructive actions should always be handled through POST requests. This is to make sure the user doesn't accidentally do something destructive (updating the price, deleting something) by entering the url through the browser.

Quote
The product wouldn't update because the cookie isn't included in the request and thus wouldn't ever successfully work.
No, your browser is making the GET request, not the attacker. Therefore your browser will supply the cookie to the website. The operation will succeed.

I realise the fact that the cookie is sent with the request. I mean, though, that the XSRF attacker would have to "know" the cookie value as well, by requiring the cookie value to be placed in each request.

For example, let's say this is a legitimate request from the merchant....
http://cheaperinbitcoins.com/api/update_product.php?product_id=1&price=0.00&cookievalue=123456

My script would then check that the cookie request itself was valid and that it matches the value included in the GET request, and see that the cookie value and the query string value (named cookievalue) are in fact 123456.

Now let's say an attacker did the following:
http://cheaperinbitcoins.com/api/update_product.php?product_id=1&price=0.00

My script would then check that the cookie request itself was valid and that it matches the value included in the GET request; however, this time it sees that the cookie value is "blank" and doesn't match the user's cookie value.

--------------------
Some thoughts on my mind, the only way an attacker could spoof a request is if they knew the cookie value exactly.

This would require an attacker to either
*Have control of my website to inject JavaScript to auto send the correct value (which is pointless: if you already have control you might as well just start changing stuff like you own the place)

*Found a way around my sanitation inputs to inject JavaScript to acquire the merchant's cookie value and later send it to a program that will run the script to deface the product page.
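
Added example, not part of the original posts and not the site's code: a Python sketch of the server-side check described in this post, where the `cookievalue` request parameter must match a value tied to the merchant's session cookie. The cookie name `session`, the HMAC-derived token (used so the raw cookie never appears in a URL) and the POST-only rule are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that is never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token so the raw session cookie never appears in a URL."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_update_request(method: str, cookies: dict, params: dict) -> tuple:
    """Decide whether a call to update_product.php may change the product."""
    # State-changing calls go through POST, as suggested in the thread.
    if method != "POST":
        return False, "state change must use POST"
    session_id = cookies.get("session")  # hypothetical cookie name
    if not session_id:
        return False, "no session cookie"
    supplied = params.get("cookievalue", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "token missing or does not match session"
    return True, "ok"


# Constructed sample requests (not real traffic).
MERCHANT_COOKIES = {"session": "constructed-session-id-123456"}
LEGIT = ("POST", MERCHANT_COOKIES,
         {"product_id": "1", "price": "0.00",
          "cookievalue": issue_csrf_token(MERCHANT_COOKIES["session"])})
# Cross-site request: the browser attaches the cookie automatically, but the
# other site cannot read it, so it cannot supply a matching cookievalue.
FORGED = ("POST", MERCHANT_COOKIES, {"product_id": "1", "price": "0.00"})
FORGED_GET = ("GET", MERCHANT_COOKIES, {"product_id": "1", "price": "0.00"})

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("forged", FORGED), ("forged GET", FORGED_GET)):
        print(name, check_update_request(*req))
```
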
963  Bitcoin / Bitcoin Technical Support / Re: Encrypted cookie signs GET requests through HTTP to avoid XSRF on: June 19, 2012, 07:48:17 PM
Forgot to include my solution exactly... basically my solution is this


http://cheaperinbitcoins.com/api/update_product.php?product_id=1&price=0.00&cookie=<insert encrypted cookie value here>
964  Bitcoin / Bitcoin Technical Support / Encrypted cookie signs GET requests through HTTP to avoid XSRF on: June 19, 2012, 07:45:05 PM
I'm working on a WYSIWYG "product page editor" for Cheaper In Bitcoins so my merchants can look at their product page and edit it by clicking on specific elements (like price, title, description) instead of using a monolithic form to fill out, but I'm using Ajax GET requests and would like to avoid XSRF attacks on people's products. I'm thinking maybe to prevent this I could have a JavaScript load the already encrypted cookie session to sign the request. Does this sound like a solution to prevent XSRF attacks?

For instance, my website cookies should only be loaded on my website "CheaperInBitcoins.com", so I'm assuming that in order for someone to do an XSRF attack it would at least be limited to my own website. So if someone were to have an image on bitcointalk.org that really linked to http://cheaperinbitcoins.com/api/update_product.php?product_id=1&price=0.00
an attempt to make the merchant's products free (or even worse, deface the product's description from a competing seller)

The product wouldn't update because the cookie isn't included in the request and thus wouldn't ever successfully work.
The cookie would never be included unless you're using a hacky browser which sends cookie data to websites without regard to the domain (which almost no normal user would be using, so that's not the case).
My website would check the cookie of course and make sure that it validates with the logged in merchant.

Am I missing anything?
Comments, suggestions?
965  Bitcoin / Bitcoin Discussion / Re: [ANN] Cheaper In Bitcoins | Prize winner! | Beta Phase on: June 19, 2012, 06:51:49 PM
The next draw is on the 22nd; all participating customers and merchants qualify this month. Those who took out loans this month with Islamic Bank of Bitcoin are automatically entered into the drawing.
966  Economy / Services / Need some music for your next low budget movie? on: June 19, 2012, 06:31:22 PM
Hello, I'm putting out there that I have produced many music tracks that are mostly influenced by electronic music and electronic sounds.
I have produced non electronic music before but don't have anything really to show for that. My soundcloud account can be found here: http://soundcloud.com/djtheatom

Here is an example of an intro I produced in about 2 hours: http://www.youtube.com/watch?v=HzYcRFoOVQ8&feature=plcp

I also have experience in After Effects editing (and special effects like blood splatters and motion tracking).

PM me for quotes on your projects.
967  Bitcoin / Project Development / Re: Open Source Project: Build your own secure Digital wallet for secure rx / tx on: June 19, 2012, 08:12:57 AM
take a look at the programmable screens of 4D-systems as well.
Oh yeah, I played with those; they were a pain in the butt to control from a microprocessor.
968  Bitcoin / Bitcoin Discussion / Re: Hey for the love of Satoshi can I PLEASE pay a tx fee? on: June 18, 2012, 06:06:50 AM
Cheaperinbitcoins requires 0.01 BTC per merchant per order (so no matter what, it's guaranteed to be redeemed by the merchant almost by the first block).
969  Other / Off-topic / Re: Answer the question above with a question. on: June 18, 2012, 06:03:52 AM
Did two messages back ruin the chain?
970  Bitcoin / Project Development / Re: [IDEA] - Bitcoin-Powered Database on: June 18, 2012, 05:02:18 AM
Geez, I should have clicked the link in the OP before I wrote my reply down. I was just in a hurry, don't mind me. I'll just keep following closely anyways, this is an interesting subject.
971  Other / Off-topic / Re: Answer the question above with a question. on: June 18, 2012, 12:44:03 AM
Does holding your pecker while peeing always make you cry?
When shall I try pecker, pee, crying?
972  Bitcoin / Project Development / Re: [IDEA] - Bitcoin-Powered Database on: June 17, 2012, 11:46:00 PM
Aren't there SQL database tables that have a "write and read" option?

This is a good point you're bringing up.... Having hashing power to verify SQL databases... Publicly?
973  Other / Beginners & Help / Re: Death of Bitcoins on: June 17, 2012, 11:40:45 PM
My 5 BTC that I hold on to could run the world economy with ease, and there haven't been a total of 21 million bitcoins mined, so their plan would be found out long before anyone would let your scenario happen.
974  Bitcoin / Bitcoin Discussion / Re: [ANN] Coming next week-- the world's first handheld Bitcoin device, the Ellet! on: June 17, 2012, 11:33:19 PM
What is it?

The Ellet (as an Electronic Wallet) is a way to send money from the palm of your hand. This device has been secretly developed as the BitDex for over the past 9 months. It comes in at a similar weight and height as the iPod nano 3rd generation and lets you send Bitcoin, Namecoin, Litecoin, Paypal, Dwolla, and almost anything else you can imagine, all instantly from the palm of your hand!

Why is it important?

The Ellet solves several issues that payment processors have, but most speci--


So Fry wants two ellets?
975  Bitcoin / Bitcoin Discussion / Re: [ANN] Cheaper In Bitcoins | Prize winner! | Beta Phase on: June 17, 2012, 09:39:27 PM
ScottJ took the prize for being the most active in cheaper in bitcoins.com

He won a 1 gram silver Bitcoin (.999 silver)
and one Cassius coin (courtesy of http://ib-bitcoin.com)
976  Bitcoin / Bitcoin Discussion / Re: [ANN] Cheaper In Bitcoins | Beta Phase on: June 17, 2012, 09:37:58 PM
Hey, one more bug. I've noticed when I go to http://cheaperinbitcoins.com/browse?category_id=5 , the Roku 2 shows price $10.9..., but actually it's the price in BTC. This only happens in the category, on main page it's ok.
Excellent, thanks for the bug report.
Fixed!
977  Economy / Goods / Re: Who wants my wisdom teeth? on: June 16, 2012, 07:40:52 PM
I'm the only one that I know of that gets their wisdom teeth pulled without being put to sleep (I've had 3 wisdom teeth pulled in one dental session before too), I didn't know I was so hardcore

Ego +1

I wasn't put under!
http://www.youtube.com/watch?v=_j9QeUoPOi4
978  Economy / Goods / Re: Who wants my wisdom teeth? on: June 16, 2012, 06:49:32 PM
I'm the only one that I know of that gets their wisdom teeth pulled without being put to sleep (I've had 3 wisdom teeth pulled in one dental session before too), I didn't know I was so hardcore

Ego +1
979  Bitcoin / Bitcoin Discussion / Re: [ANN] Cheaper In Bitcoins | Giving out prizes at 12pm PST! | Beta Phase on: June 16, 2012, 06:46:57 PM
Hey, one more bug. I've noticed when I go to http://cheaperinbitcoins.com/browse?category_id=5 , the Roku 2 shows price $10.9..., but actually it's the price in BTC. This only happens in the category, on main page it's ok.
Excellent, thanks for the bug report.
980  Economy / Marketplace / Re: Smokers Mystery Box!!! on: June 16, 2012, 06:06:07 AM
Buy something from http://cheaperinbitcoins.com within the next hour and win a prize!!

Each order is one ticket
Each ticket is good until the rest of the month
The drawn ticket is invalid forever after being drawn once