The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


I’m harvesting credit card numbers and passwords from your site. Here’s how.

Posted by jpluimers on 2020/01/14

Below is one of the reasons I try to stay on the back-end side of things. Those are complex enough to focus on for me.

[WayBack] I’m harvesting credit card numbers and passwords from your site. Here’s how.

It basically comes down to:

  • anything in the same page has access to anything happening on that page.
  • be careful when using npm and ad networks.
  • perform security operations in a light-weight iframe that is scrutinized.

The source of any npm package might be different from the source you find in the underlying repository. This holds recursively for all the other npm packages it pulls in.
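One way to check the point above for a single package, as an added example that is not part of the original post or of the linked article: hash every file in an unpacked package tarball and in a checkout of its repository, then list what ships only in the tarball or differs. The function names, the `example-pkg` name and the two sample trees are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

// Map every file under `root` (relative path) to the SHA-256 of its contents.
function hashTree(root, dir = root, out = new Map()) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      if (entry.name !== '.git' && entry.name !== 'node_modules') hashTree(root, full, out);
    } else if (entry.isFile()) {
      const rel = path.relative(root, full).split(path.sep).join('/');
      out.set(rel, crypto.createHash('sha256').update(fs.readFileSync(full)).digest('hex'));
    }
  }
  return out;
}

// Files that ship in the package but are absent from, or differ from, the repository.
function diffPublished(publishedDir, repoDir) {
  const published = hashTree(publishedDir);
  const repo = hashTree(repoDir);
  const onlyInPackage = [], changed = [];
  for (const [rel, digest] of published) {
    if (!repo.has(rel)) onlyInPackage.push(rel);
    else if (repo.get(rel) !== digest) changed.push(rel);
  }
  return { onlyInPackage: onlyInPackage.sort(), changed: changed.sort() };
}

// Constructed sample: two small trees standing in for the tarball and the checkout.
function buildSample() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-diff-'));
  const write = (tree, rel, text) => {
    const file = path.join(base, tree, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, text);
  };
  write('repo', 'index.js', 'module.exports = () => "hello";\n');
  write('repo', 'package.json', '{"name":"example-pkg","version":"1.0.0"}\n');
  write('pkg', 'index.js', 'module.exports = () => "hello";\nrequire("./lib/extra");\n');
  write('pkg', 'package.json', '{"name":"example-pkg","version":"1.0.0"}\n');
  write('pkg', 'lib/extra.js', '// file that exists only in the published tarball\n');
  return { published: path.join(base, 'pkg'), repo: path.join(base, 'repo') };
}

const sample = buildSample();
console.log(diffPublished(sample.published, sample.repo));
```

Many packages legitimately publish build output that is not committed to the repository, so the result is a list of files to review, not a verdict.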

–jeroen

via: [WayBack] Jeroen Wiert Pluimers – Google+
