Infosec


Browsers also let us style how visited links look, using the :visited pseudo-class. This is also pretty helpful, as the purple links don't match the style of every website.

You might already be thinking of various ways to exploit this, perhaps using background-images to send GET requests to a server, or maybe by using window.getComputedStyle to get the colour of a link.


This week Google launched a new TLD, or “Top Level Domain”, .zip, meaning you can now purchase a .zip domain, similar to a .com or .org domain, for only a few dollars. The security community immediately raised flags about the potential dangers of this TLD. In this short write-up, we’ll cover how an attacker can leverage this TLD, in combination with the @ operator and the Unicode character ∕ (U+2215), to create an extremely convincing phish.