3 Matching Annotations
  1. Feb 2021
  2. stackoverflow.com stackoverflow.com
    Why are iframes considered dangerous and a security risk?
    1
    1. TylerRick 03 Feb 2021
      If you teach your users to trust that URL bar is supposed to not change when they click links (e.g. your site uses a big iframe with all the actual content), then the users will not notice anything in the future either in case of actual security vulnerability.
      detecting security exploits just because you don’t see/notice it, doesn’t mean it’s not happening easy to miss / not notice (attention) unintended consequence
    Visit annotations in context

    Tags

    Annotators

    URL

    stackoverflow.com/questions/7289139/why-are-iframes-considered-dangerous-and-a-security-risk
  3. medium.com medium.com
    I’m harvesting credit card numbers and passwords from your site. Here’s how.
    2
    1. TylerRick 03 Feb 2021
      it is very difficult to spot shenanigans in obfuscated code, you’ve got no chance.
      obfuscation detecting security exploits
    2. TylerRick 03 Feb 2021
      I’d notice the network requests going out!Where would you notice them? My code won’t send anything when the DevTools are open (yes even if un-docked).I call this the Heisenberg Manoeuvre: by trying to observe the behaviour of my code, you change the behaviour of my code.
      browser DevTools detecting security exploits detecting security exploits: outgoing network traffic clever security exploits: avoiding detection
    Visit annotations in context

    Tags

    Annotators

    URL

    medium.com/hackernoon/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5