Search found 116 matches

by morganism
Sun Apr 28, 2019 8:42 pm
Forum: Security
Topic: The inception bar: a new phishing method-( captive site)
Replies: 0
Views: 1821

The inception bar: a new phishing method-( captive site)

this is a browser capture method, and may trap you at the site if you don't have NoScript active. "I don’t want to keep you any longer. If you’re still stuck here, one way to get out is to go to the Hacker News discussion and upvote this article." "In Chrome for mobile, when the user scrolls down, t...
by morganism
Sat Feb 16, 2019 8:46 pm
Forum: Web Tech
Topic: Adblockers Performance Study
Replies: 0
Views: 1023

Adblockers Performance Study

Duck Duck doesn't fare so well...

https://whotracks.me/blog/adblockers_pe ... study.html

"That all popular content-blockers are very efficient, having sub-millisecond median decision time per request"
by morganism
Sat Feb 16, 2019 8:05 pm
Forum: Web Tech
Topic: Artificial intelligence, algorithmic pricing, and collusion
Replies: 0
Views: 949

Artificial intelligence, algorithmic pricing, and collusion

"This column uses experiments with pricing algorithms powered by AI in a controlled environment to demonstrate that even relatively simple algorithms systematically learn to play sophisticated collusive strategies. Most worrying is that they learn to collude by trial and error, with no prior knowled...
by morganism
Sun Oct 21, 2018 9:46 pm
Forum: Security
Topic: Redirect Detective
Replies: 0
Views: 81344

Redirect Detective

Learn where the redirects go... http://redirectdetective.com/ Redirect Detective is a free redirect checker that allows you to see the complete path a redirected URL goes through. "Some of the many uses for Redirect Detective are: See where an affiliate link goes to and what affiliate network is bei...
by morganism
Wed Oct 17, 2018 8:22 pm
Forum: Security
Topic: Reverse engineering of a Huawei P20 from China
Replies: 0
Views: 81407

Reverse engineering of a Huawei P20 from China

Reverse engineering of a Huawei P20 from China

https://twitter.com/fs0c131y/status/1051568180748013569

In this request, the phone is sending - your country - your province - your city - phone locale - the website you requested
by morganism
Sun Sep 23, 2018 11:19 pm
Forum: Security
Topic: ungoogled-chromium is a set of configuration flags, patches,
Replies: 0
Views: 84302

ungoogled-chromium is a set of configuration flags, patches,

"due to Chrome’s new user-unfriendly forced login policy — I won’t be using it going forward." https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ "ungoogled-chromium is a set of configuration flags, patches, and custom scripts. These components altogether strive to accomplish...
by morganism
Sat Sep 22, 2018 8:52 pm
Forum: Security
Topic: Mozilla is malware, sorry but no other way to put it.
Replies: 1
Views: 85345

Re: Mozilla is malware, sorry but no other way to put it.

"But this time I had to go further and open the “Debug add-ons” page, and there I saw two add-ons not listed anywhere else — fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org. https://medium.com/@neothefox/firefox-installs-add-ons-into-your-browser-without-consent-again-d3e2c8e...
by morganism
Sat Aug 18, 2018 10:27 pm
Forum: Security
Topic: Is serverless insecure? Let's find out..aws
Replies: 1
Views: 85203

Is serverless insecure? Let's find out..aws

Is serverless insecure? Let's find out.. "This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security team's worst nightmare. Do whatever you want. Ultimate goal: take over the account, escalate...
by morganism
Sat Feb 17, 2018 11:44 pm
Forum: Security
Topic: Stealing Data With CSS: Attack and Defense
Replies: 0
Views: 86963

Stealing Data With CSS: Attack and Defense

CSS exfil this didn't come up in search, so will post https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense "By utilizing CSS alone, browser protections like NoScript can't block the egress of data (although NoScript's XSS auditor is more effective than Chrome at blocking so...
by morganism
Wed Jan 24, 2018 7:31 pm
Forum: Security
Topic: 7-Zip: Multiple Memory Corruptions via RAR and ZIP
Replies: 0
Views: 87144

7-Zip: Multiple Memory Corruptions via RAR and ZIP

In the following, I will outline two bugs that affect 7-Zip before version 18.00 as well as p7zip. The first one (RAR PPMd) is the more critical and the more involved one. The second one (ZIP Shrink) seems to be less critical, but also much easier to understand. https://landave.io/2018/01/7-zip-mult...
by morganism
Thu Jan 18, 2018 12:03 am
Forum: Security
Topic: New free public DNS service blocks malicious domains
Replies: 9
Views: 90053

Re: New free public DNS service blocks malicious domains

ugh, you guys were right.

Here is a DNS lookup over HTTPS that may help

https://github.com/curl/curl/wiki/DNS-over-HTTPS

Do DNS resolves over HTTPS for privacy, performance and security. Also makes it easier to use a name server of your choice instead of the one configured for your system.
by morganism
Sat Jan 13, 2018 12:43 am
Forum: Security
Topic: Real World Crypto 2018
Replies: 0
Views: 87010

Real World Crypto 2018

live talks on crypto implementation in streaming and cloud Real World Crypto 2018 Real World Crypto Symposium aims to bring together cryptography researchers with developers implementing cryptography in real-world systems. The conference goal is to strengthen the dialogue between these two communities...
by morganism
Sat Jan 13, 2018 12:04 am
Forum: Security
Topic: Your browser config
Replies: 7
Views: 89158

Re: Your browser config

pretty good list here for configs

Firefox telemetry and spy removal

https://gist.github.com/MrYar/751e0e5f3 ... c8aa237b72
by morganism
Wed Jan 10, 2018 4:25 am
Forum: Security
Topic: What Spectre and Meltdown Mean For WebKit
Replies: 1
Views: 87794

What Spectre and Meltdown Mean For WebKit

What Spectre and Meltdown Mean For WebKit https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/ "WebKit relies on branch instructions to enforce what untrusted JavaScript and WebAssembly code can do. Spectre means that an attacker can control branches, so branches alone are no long...