If you can inject JS then you can steal session cookies. Other stuff too, but XSS is a big deal.

This article a few years ago seemed to think differently http://articles.philly.com/2010-07-13/news/24968528_1_compac...

Also, they're kind of a pain since you need two hands to throw something away without sticking your hand in something gross.

EDIT: I originally said opposite instead of differently.

I think you nailed it . There are plenty of real problems, this is not one of them.

It could be a diversion for another attack. If there is currently a ddos going on, other suspicious behavior is more likely to be overlooked.

I use nping for this. If you're not aware of it, it installs with nmap.

nping --traceroute --tcp -p80 target.com

they could prevent fraud by disabling the card.

In New Jersey the casino is not allowed to ask you to leave for counting cards. They can only force you to bet the same amount and/or shuffle every hand.

I also recently signed up for twitter, and noticed the same thing. I just figured it was based on location, and maybe what twitter pages my IP had visited before signing up.