The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for June 8th, 2023

How to encourage phishing: send email to users from a different domain than they are subscribed to

Posted by jpluimers on 2023/06/08

Many organisations train their personnel with phishing attempts from domains that are different from the one the organisation uses.

The mantra is: only respond to emails (or click links in them) from domains you know.

Microsoft sent (still sends?) account expiration emails for various *.microsoft.com, *.visualstudio.com and other Microsoft domains like this:

[Wayback/Archive] 232840055-2ccfdb9b-2a13-4a34-92f5-f27f337825f8.png (766×653) email from Microsoft account team <account-security-noreply@mail.msa.msidentity.com>

Posted in Pen Testing, Phishing, Power User, Red team, Security

Side effect-free bookmarklets: wrap them in an IIFE (Immediately Invoked Function Expression)

Posted by jpluimers on 2023/06/08

In Bookmarklets for Archive.is and the WayBack Machine to go to the original page, I wrote about how the Shadow DOM is used to prevent side effects between the code of the WayBack machine and the archived page.

In a similar manner, Bookmarklets can also interfere with code on the page and vice versa, for instance by using global variables.

That is why the bookmarklet from [Wayback/Archive] A simple bookmarklet to tweet the current page – DEV Community is wrapped in a special kind of function:

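javascript:(function(){
  /* const/let keep n and t local to the function; assigning to undeclared names would create globals on the page */
  const n=getSelection().anchorNode;
  let t=n.nodeType===3?n.data:n.innerText;
  t=''+t+'\n\n';
  /* encode the page URL together with the text so that '&' or '#' in it cannot change the intent URL */
  window.open(`https://twitter.com/intent/tweet?text=${encodeURIComponent(t+document.location.href)}`)
})()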

This is an IIFE or “Immediately Invoked Function Expression” ([Wayback/Archive] IIFE – MDN Web Docs Glossary: Definitions of Web-related terms | MDN), a term coined by [Archive] Ben Alman (@cowboy) / Twitter at [Wayback/Archive] Ben Alman » Immediately-Invoked Function Expression (IIFE).

Variables declared inside the function body (with var, let or const) are local to it, so they won’t interfere with the page. The body is executed immediately.
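The difference the wrapper and the declarations make, as an added example that is not part of the original post: it runs constructed stand-ins for the bookmarklet body as sloppy-mode global code under Node.js and reports which names end up on the global object. `leakedGlobals`, `body`, `variants` and `report` are names made up for this illustration.

```javascript
// Added example: which names does a bookmarklet body leave on the global object?
// Indirect eval runs a string as sloppy-mode global code, as a javascript: URL does.
function leakedGlobals(code) {
  const before = new Set(Object.getOwnPropertyNames(globalThis));
  let error = null;
  try {
    (0, eval)(code);
  } catch (e) {
    error = e.name;
  }
  const leaked = Object.getOwnPropertyNames(globalThis)
    .filter((name) => !before.has(name))
    .sort();
  for (const name of leaked) delete globalThis[name]; // reset for the next run
  return { leaked, error };
}

// Constructed stand-in for the selection lookup so the body runs without a DOM;
// `decl` is the declaration keyword placed in front of n and t ('' = none).
const body = (decl) =>
  `${decl}n={nodeType:3,data:'picked'};${decl}t=n.nodeType===3?n.data:n.innerText;`;

const variants = {
  noWrapper: body('var '),                                // top-level var, no function
  iifeUndeclared: `(function(){${body('')}})()`,          // wrapper, but no declarations
  iifeDeclared: `(function(){${body('const ')}})()`,      // wrapper plus const
  iifeStrict: `(function(){'use strict';${body('')}})()`, // strict mode rejects the slip
};

function report() {
  const out = {};
  for (const [name, code] of Object.entries(variants)) {
    out[name] = leakedGlobals(code);
  }
  return out;
}

console.log(report());
```

Only `iifeDeclared` runs cleanly without leaving `n` and `t` behind; adding `'use strict'` turns a forgotten declaration into a ReferenceError instead of a silent global.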


–jeroen

Posted in Bookmarklet, Development, JavaScript/ECMAScript, Power User, Scripting, Software Development, Web Browsers