The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

I’m harvesting credit card numbers and passwords from your site. Here’s how.

Posted by jpluimers on 2020/01/14

Below is one of the reasons I try to stay on the back-end side of things: those are complex enough for me to focus on.

[WayBack] I’m harvesting credit card numbers and passwords from your site. Here’s how.

It basically comes down to:

  • anything in the same page has access to anything happening on that page.
  • be careful when using npm and ad networks.
  • perform security operations in a light-weight iframe that is scrutinized.

The source of any npm package might be different from the source you find in the underlying repository. This recursively holds for all the other npm packages it pulls in.

–jeroen

via: [WayBack] Jeroen Wiert Pluimers – Google+

Posted in Development, Power User, Security, Software Development, Web Development

Diffie-Hellman Key Exchange graphically explained – Wikipedia/Computerphile

Posted by jpluimers on 2019/12/31

Sometimes a picture or video is better than a thousand words.

I wish that, back when I learned about the mathematics of the Diffie–Hellman key exchange – Wikipedia, I had seen the picture on the right from File:Diffie-Hellman Key Exchange-modified.png – Wikipedia (via DHKE General overview), which inspired the Computerphile and Art-Of-The-Problem videos below doing the same dynamically with colorised liquids and paint.

Art-Of-The-Problem also has a similar video on RSA, which is included below as well.

Usually Diffie-Hellman is combined with RSA to prevent man-in-the-middle attacks and to allow for perfect forward secrecy. That’s what the final Computerphile video is about.

Excellent!

Finally, Computerphile also posted a video with the mathematics. If you’re into that: nice work too!
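As an added example (not from the post or from any of the videos): a toy Diffie-Hellman exchange in Python in which Alice's public value carries a textbook RSA signature, so Bob can detect a substituted value and abort. The group parameters, the RSA key and the private exponents are constructed toy values chosen for this illustration.

```python
# Added example, not from the post or the videos: a toy Diffie-Hellman
# exchange where Alice signs her public value with textbook RSA, so Bob
# rejects a value that was swapped in transit. All numbers are constructed
# toy sizes; real deployments use 2048-bit+ groups, hashed/padded
# signatures and a KDF over the shared secret.

# Diffie-Hellman group: prime modulus P and generator G (toy values)
P, G = 23, 5

# Alice's textbook RSA key: n = 61 * 53, e = 17, d = e^-1 mod 3120
RSA_N, RSA_E, RSA_D = 3233, 17, 2753


def dh_public(private: int) -> int:
    """Public value g^x mod p; safe to send in the clear."""
    return pow(G, private, P)


def dh_shared(their_public: int, private: int) -> int:
    """Shared secret (g^y)^x mod p == (g^x)^y mod p, identical on both sides."""
    return pow(their_public, private, P)


def rsa_sign(value: int) -> int:
    """Textbook RSA signature over the raw value (works here since value < P < RSA_N)."""
    return pow(value, RSA_D, RSA_N)


def rsa_verify(value: int, signature: int) -> bool:
    """True only if the signature was produced over exactly this value."""
    return pow(signature, RSA_E, RSA_N) == value


def bob_key(received_public: int, signature: int, bob_private: int):
    """Bob derives a key only if the value he received is the one Alice
    signed; None means the handshake must be aborted."""
    if not rsa_verify(received_public, signature):
        return None
    return dh_shared(received_public, bob_private)


def exchange(alice_private: int, bob_private: int, substituted=None):
    """Run one exchange. `substituted`, if given, simulates an in-path party
    replacing Alice's public value. Returns (alice_secret, bob_secret_or_None)."""
    alice_public = dh_public(alice_private)
    signature = rsa_sign(alice_public)
    received = alice_public if substituted is None else substituted
    bob_secret = bob_key(received, signature, bob_private)
    alice_secret = dh_shared(dh_public(bob_private), alice_private)
    return alice_secret, bob_secret


if __name__ == "__main__":
    print(exchange(6, 15))      # (2, 2): both sides agree on the secret
    print(exchange(6, 15, 9))   # (2, None): substituted value fails verification
```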

Via:

–jeroen


Posted in Development, Encryption, Power User, Security, Software Development

Meet Inrupt: for a decentralized web and new data ownership model

Posted by jpluimers on 2019/12/27

On my list of things to try:

Tim Berners-Lee, inventor of the World Wide Web, launches Inrupt, a start-up that will take the Solid open source platform and “Solid movement” to the next level with the backing of Glasswing Ventures. A look at the what and why.

For now, I have two WebIds and need to figure out how to link them (:

Hopefully the video below will help with that.

–jeroen


Posted in GDPR/DS-GVO/AVG, LifeHacker, Power User, Privacy, Security

if you allow users to register email addresses on your domain, make sure they can’t get: admin@ administrator@ hostmaster@…

Posted by jpluimers on 2019/12/16

Great tip from: [Archive.is] Michal Špaček on Twitter: “Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get: admin@ administrator@ hostmaste… https://t.co/wUHXrQC2J0”:

Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get:
  • admin@
  • administrator@
  • hostmaster@
  • postmaster@
  • webmaster@ (and others from RFC 2142)

otherwise users might be able to get an HTTPS certificate for your domain.

–jeroen


Posted in Encryption, https, Let's Encrypt (letsencrypt/certbot), Power User, Security

CSP and bookmarklets

Posted by jpluimers on 2019/10/25

If you find that bookmarklets like the [WayBack] Press-This or [Archive.is] SubToMe do not work on some pages but do on others, often it’s not the bookmarklet, but a combination of the site’s CSP (Content Security Policy) settings and browsers not coping well with that; see for instance:

via:

–jeroen

Posted in Bookmarklet, CSP, Power User, Security, Web Browsers
