Search found 119 matches

by morganism
Wed Jun 10, 2020 9:54 pm
Forum: Web Tech
Topic: fyi: You can bypass youtube ads by adding a dot after the domain
Replies: 0
Views: 146

fyi: You can bypass youtube ads by adding a dot after the domain

from a reddit post "For example, https://www.youtube.com/watch?v=DuB8VUICGqc // will occasionally show ads https://www.youtube.com./watch?v=DuB8VUICGqc // will not show ads It's a commonly forgotten edge case, websites forget to normalize the hostname, the content is still served, but there's no hos...
by morganism
Sat Feb 15, 2020 4:33 am
Forum: Security
Topic: Firefox url stripping of tracking info
Replies: 2
Views: 16463

Re: Firefox url stripping of tracking info

oh, and this looks like local storage, don't know how it goes into the SQL profile... "Private Bookmarks enables a special password-protected bookmark folder. Your private bookmarks are encrypted with your chosen password. This is not an online service, and you are in control of what data leaves you...
by morganism
Sat Feb 15, 2020 4:30 am
Forum: Security
Topic: Firefox url stripping of tracking info
Replies: 2
Views: 16463

Firefox url stripping of tracking info

This looks pretty sweet, i can't check it tho... "This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet. Many websites use tracking elements in the URL (e.g. https://example.com?utm_source=newsletter1&utm_medium=email&utm_c...
by morganism
Sun Apr 28, 2019 8:42 pm
Forum: Security
Topic: The inception bar: a new phishing method-( captive site)
Replies: 0
Views: 8498

The inception bar: a new phishing method-( captive site)

this is a browser capture method, and may trap you at the site if you dont have NoScrpipt active. "I don’t want to keep you any longer. If you’re still stuck here, one way to get out is to go to the Hacker News discussion and upvote this article." "In Chrome for mobile, when the user scrolls down, t...
by morganism
Sat Feb 16, 2019 8:46 pm
Forum: Web Tech
Topic: Adblockers Performance Study
Replies: 0
Views: 1466

Adblockers Performance Study

Duck Duck doesnt fare so well...

https://whotracks.me/blog/adblockers_pe ... study.html

"That all popular content-blockers are very efficient, having sub-millisecond median decision time per request"
by morganism
Sat Feb 16, 2019 8:05 pm
Forum: Web Tech
Topic: Artificial intelligence, algorithmic pricing, and collusion
Replies: 0
Views: 1380

Artificial intelligence, algorithmic pricing, and collusion

"This column uses experiments with pricing algorithms powered by AI in a controlled environment to demonstrate that even relatively simple algorithms systematically learn to play sophisticated collusive strategies. Most worrying is that they learn to collude by trial and error, with no prior knowled...
by morganism
Sun Oct 21, 2018 9:46 pm
Forum: Security
Topic: Redirect Detective
Replies: 0
Views: 87905

Redirect Detective

Learn where the redirects go... http://redirectdetective.com/ Redirect Detective is a free redirect checker that allows you to see the complete path a redirected URL goes through. "Some of the many uses for Redirect Detective are: See where an affiliate link goes to and what affiliate network is bei...
by morganism
Wed Oct 17, 2018 8:22 pm
Forum: Security
Topic: Reverse engineering of a Huawei P20 from China
Replies: 0
Views: 87983

Reverse engineering of a Huawei P20 from China

Reverse engineering of a Huawei P20 from China

https://twitter.com/fs0c131y/status/1051568180748013569

In this request, the phone is sending - your country - your province - your city - phone locale - the website you requested
by morganism
Sun Sep 23, 2018 11:19 pm
Forum: Security
Topic: ungoogled-chromium is a set of configuration flags, patches,
Replies: 0
Views: 90835

ungoogled-chromium is a set of configuration flags, patches,

"due to Chrome’s new user-unfriendly forced login policy — I won’t be using it going forward." https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ "ungoogled-chromium is a set of configuration flags, patches, and custom scripts. These components altogether strive to accomplish...
by morganism
Sat Sep 22, 2018 8:52 pm
Forum: Security
Topic: Mozilla is malware, sorry but no other way to put it.
Replies: 1
Views: 91916

Re: Mozilla is malware, sorry but no other way to put it.

"But this time I had to go further and open the “Debug add-ons” page, and there I saw two add-ons not listed anywhere else — fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org. https://medium.com/@neothefox/firefox-installs-add-ons-into-your-browser-without-consent-again-d3e2c8e...
by morganism
Sat Aug 18, 2018 10:27 pm
Forum: Security
Topic: Is serverless insecure? Let's find out..aws
Replies: 1
Views: 85498

Is serverless insecure? Let's find out..aws

Is serverless insecure? Let's find out.. "This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare. Do whatever you want. Ultimate goal: take over the account, escalate...
by morganism
Sat Feb 17, 2018 11:44 pm
Forum: Security
Topic: Stealing Data With CSS: Attack and Defense
Replies: 0
Views: 87453

Stealing Data With CSS: Attack and Defense

CSS exfil this didn't come up in search, so will post https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense "By utilizing CSS alone, browser protections like NoScript can't block the egress of data (although NoScript's XSS auditor is more effective than Chrome at blocking so...
by morganism
Wed Jan 24, 2018 7:31 pm
Forum: Security
Topic: 7-Zip: Multiple Memory Corruptions via RAR and ZIP
Replies: 0
Views: 87604

7-Zip: Multiple Memory Corruptions via RAR and ZIP

In the following, I will outline two bugs that affect 7-Zip before version 18.00 as well as p7zip. The first one (RAR PPMd) is the more critical and the more involved one. The second one (ZIP Shrink) seems to be less critical, but also much easier to understand. https://landave.io/2018/01/7-zip-mult...
by morganism
Thu Jan 18, 2018 12:03 am
Forum: Security
Topic: New free public DNS service blocks malicious domains
Replies: 9
Views: 90622

Re: New free public DNS service blocks malicious domains

ugh, you guys were right.

Here is a DNS lookup over HTTPS that may help

https://github.com/curl/curl/wiki/DNS-over-HTTPS

Do DNS resolves over HTTPS for privacy, performance and security. Also makes it easier to use a name server of your choice instead of the one configured for your system.