flat assembler
Message board for the users of flat assembler.
Why we should always disable JS (and flash)

revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15733
Location: Crossing the Cauchy horizon


Furs wrote:
Do you really audit addons when you install them?

I audited them by use. That is, I have a temporary browser which I proxy and run the new add-on for a while to monitor the outgoing data stream and watch for anything new and/or unusual. After a few days, if I was satisfied, then I would install the same code into my awesome FF3.6.28. Then I never update them. And whenever I've checked back later there has not been any new "Feature" that I have wanted so I wasn't missing anything by keeping the old code.

I don't have many add-ons so it is not a greatly onerous task actually.
Post 10 Feb 2018, 14:08
revolution

https://scotthelme.co.uk/protect-site-from-cryptojacking-csp-sri/

Quote:
If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from. In this case it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed.


https://phys.org/news/2018-02-thousands-websites-infected-crypto-malware.html wrote:
"Things could have been much worse," Cluley said in a blog post. "Imagine if the plug-in had been tampered with to steal login passwords rather than steal CPU resources from visiting computers."

Post 12 Feb 2018, 13:40
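
The compromise quoted above, where one hosted script file was changed, is the case Subresource Integrity (the "SRI" in the linked article's URL) is meant to catch. An added example, not part of the original post or the linked article: Node.js code that computes an integrity value for an audited script and checks fetched bytes against it. The script contents and the `cdn.example` host are constructed placeholders.

```javascript
const crypto = require("crypto");

// Hash algorithms SRI accepts, weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Constructed sample: a third-party script as first audited, and the same
// file after someone changed it on the provider's server.
const ORIGINAL = "window.widget = { speak: (t) => console.log(t) };\n";
const TAMPERED = ORIGINAL + "/* code added by whoever changed the file */\n";

// Value for the integrity="..." attribute of a <script> tag.
function sriHash(content, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(content).digest("base64")}`;
}

// Mirror the browser's decision: parse the space-separated hash list, keep
// only the strongest algorithm present, and accept the bytes if any hash of
// that algorithm matches. Unrecognised tokens are ignored; with no usable
// token left there is nothing to enforce and the script would load.
function verifySri(content, integrity) {
  const parsed = integrity.trim().split(/\s+/)
    .map((tok) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(tok))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
  if (parsed.length === 0) return true;
  const strongest = ALGS[Math.max(...parsed.map((p) => ALGS.indexOf(p.alg)))];
  return parsed
    .filter((p) => p.alg === strongest)
    .some((p) => sriHash(content, p.alg) === `${p.alg}-${p.digest}`);
}

// Pin the audited copy, then check both versions against the pin.
// cdn.example is a placeholder host, not a real provider.
function demo() {
  const pin = sriHash(ORIGINAL);
  return {
    tag: `<script src="https://cdn.example/widget.js" integrity="${pin}" crossorigin="anonymous"></script>`,
    originalLoads: verifySri(ORIGINAL, pin),
    tamperedLoads: verifySri(TAMPERED, pin),
  };
}

console.log(demo());
```

The pin only helps if it is generated from a copy you have reviewed and served from your own page, not fetched from the same host as the script.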
revolution

The following site is a total disgrace:

http://www.wherestheflux.com/single-post/2018/03/19/tldr-DIPPING

It is run by Wix. And all of the Wix based sites have the same <body> content:

Code:
<body>
        <div id="SITE_CONTAINER"></div>

    
    
    
    
    
    
    

    </body>

Yes, that is an empty body, not a misquote. :(
Post 20 Mar 2018, 09:14
Furs



Joined: 04 Mar 2016
Posts: 1133

I've seen a lot of stupid sites like that, where nothing shows up without turning on JavaScript. Retarded.
Post 20 Mar 2018, 13:35
revolution

What website are you really on? Edge zero-day leaves users with no clue

Quote:
‘Beautifully simple’ flaw allows attackers to impersonate trusted sites.

I bet you can guess the problem here. JS. Without JS there is no problem.
Post 04 May 2018, 02:02
Picnic



Joined: 05 May 2007
Posts: 1224
Location: Mikrolimano

Oh what a fuss, I think I am gonna begin JavaScript lessons :P
Post 04 May 2018, 09:31
Copyright © 2004-2018, Tomasz Grysztar.
Powered by rwasa.