Comments on: Black Cards (a.k.a. Evil Stories) http://blog.m.artins.net/black-cards-aka-evil-stories/ On software & technology Tue, 27 Jul 2010 14:49:52 -0600 hourly 1 http://wordpress.org/?v=3.0 By: Carlos Villela http://blog.m.artins.net/black-cards-aka-evil-stories/comment-page-1/#comment-576 Carlos Villela Tue, 02 Dec 2008 14:58:58 +0000 http://blog.m.artins.net/?p=124#comment-576 One interesting estimate to keep track of in those cards is the likelihood. We used a betting system on an app earlier this year (developers would place simple bets on which problem was more likely to occur first - in pints of beer). My favourite so far has been "in order to increase the visits to my 'herbal viagra' site, I want to use XSS to embed links to it in the system", because it's incredibly simple to prevent in most sites and yet we rarely do it well. One interesting estimate to keep track of in those cards is the likelihood. We used a betting system on an app earlier this year (developers would place simple bets on which problem was more likely to occur first – in pints of beer).

My favourite so far has been “in order to increase the visits to my ‘herbal viagra’ site, I want to use XSS to embed links to it in the system”, because it’s incredibly simple to prevent in most sites and yet we rarely do it well.

]]> By: alexandre http://blog.m.artins.net/black-cards-aka-evil-stories/comment-page-1/#comment-574 alexandre Tue, 02 Dec 2008 14:19:21 +0000 http://blog.m.artins.net/?p=124#comment-574 Thanks Mr. Coombes! Just updated the story to the one you provided. Actually we used a story similar to the one you wrote. Thanks Mr. Coombes!
Just updated the story to the one you provided. Actually we used a story similar to the one you wrote.

]]> By: Dave C http://blog.m.artins.net/black-cards-aka-evil-stories/comment-page-1/#comment-573 Dave C Tue, 02 Dec 2008 11:24:13 +0000 http://blog.m.artins.net/?p=124#comment-573 IIRC the original idea behind the black story cards was to write them from the point of view of an actor for whom the 'value' realised from the story, would result in some undesirable overall system effect. For example, "As a disgruntled employee, I want to use SQL injection so that I can embezzle my cruel overlord employer by increasing my bonus in the database tenfold" So they represented a way of thinking about making the system do something it was not intended to do, and using its powers for evil!!!! I think the 'black' bit came from de Bono six hat thinking. IIRC the original idea behind the black story cards was to write them from the point of view of an actor for whom the ‘value’ realised from the story, would result in some undesirable overall system effect. For example,

“As a disgruntled employee, I want to use SQL injection so that I can embezzle my cruel overlord employer by increasing my bonus in the database tenfold”

So they represented a way of thinking about making the system do something it was not intended to do, and using its powers for evil!!!! I think the ‘black’ bit came from de Bono six hat thinking.

]]>