Man, please tell me it was in the default John the Ripper wordlist

RT @UnderTheBreach@twitter.com

UNBELIEVABLE - Someone was able to crack the password of the Bitcoin wallet I reported on only a short time ago and spend the $1,000,000,000 that was inside it!

blockchain.com/btc/address/1HQ

πŸ¦πŸ”—: twitter.com/UnderTheBreach/sta

RT @tokyotoniosumai@twitter.com

I made a crappy game where you can run around on a PCB I made in kicad.

πŸ¦πŸ”—: twitter.com/tokyotoniosumai/st

RT @terjanq@twitter.com

The idea behind my latest XSS challenge was to bypass a strict CSP to execute arbitrary XSS without using parentheses. I explained the solution in detail, with mini-research alongside, in this article medium.com/@terjanq/arbitrary-. Check it out! 😃

πŸ¦πŸ”—: twitter.com/terjanq/status/129

RT @__muscles@twitter.com

I've been typosquatting Python packages in PyPI for the last two years and the data is pretty fascinating: medium.com/@williambengtson/py

πŸ¦πŸ”—: twitter.com/__muscles/status/1

So the sites should be using 301 redirects when redirecting to an external unknown page. Or even better, they should consider getting rid of the Open Redirect altogether, as it can pose many social engineering vectors and other risks. And it's generally considered a security issue.

As it turns out, Google displays 302 Found redirects in the search results, as they could be *temporary* and the redirect location could change; it *doesn't* display 301 *Moved Permanently* redirects, as they should be final. Nicely explained here: sistrix.com/blog/want-confuse-

All their domains are registered by the same registrant and proxied through Cloudflare, going to report them.

Well, they aren't scams exactly (yet), they are just harvesting that sweet search engine juice to then become one, once they are high enough on the search results page... hxxps://npq.thomasonlawfirm.com/t/639?56016d167596934240cac067d444d7a5

This looks like a pretty standard @iDNEScz@twitter.com article, right?

hxxps://www.expres.cz/_servix/recombee/collector.aspx?url=https://sijisu.eu

hxxps://www.focus-age.cz/m-journal/redir.php?t=https://sijisu.eu

Open redirects I found they use:

hxxps://lidovky.cz/_servix/recombee/collector.aspx?url=https://sijisu.eu

hxxps://idnes.cz/_servix/recombee/collector.aspx?url=https://sijisu.eu

Scammers are abusing Open Redirects on @lidovky@twitter.com @iDNEScz@twitter.com @cz_expres@twitter.com and others, and Google is happily indexing these scams. Didn't know it's even possible to have 302 redirects indexed
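An added audit check for the open-redirect pattern this thread describes (example code written for this page, not anything from the posts or from the sites named): it pulls the destination out of the `url` / `t` parameters the quoted endpoints use, flags the endpoint as an open redirect when that destination is off-site, and shows the hardened server-side form that only accepts site-relative paths or allowlisted hosts. The parameter names, the allowlist and the re-fanged sample URLs are assumptions.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Destination parameter names used by the redirect endpoints in the thread
# (collector.aspx?url=..., redir.php?t=...). Assumption: audit only these.
DEST_PARAMS = ("url", "t")


def redirect_destination(endpoint_url: str) -> Optional[str]:
    """Where the endpoint would send the browser, or None if no known parameter."""
    query = parse_qs(urlparse(endpoint_url).query)
    for name in DEST_PARAMS:
        if query.get(name):
            return query[name][0]
    return None


def is_open_redirect(endpoint_url: str) -> bool:
    """True when the destination names a host that is neither the endpoint's
    own host nor one of its subdomains, i.e. the endpoint forwards off-site."""
    dest = redirect_destination(endpoint_url)
    if dest is None:
        return False
    own_host = (urlparse(endpoint_url).hostname or "").lower()
    dest_host = urlparse(dest).hostname  # None for a relative path
    if dest_host is None:
        return False
    dest_host = dest_host.lower()
    return not (dest_host == own_host or dest_host.endswith("." + own_host))


def safe_redirect_target(requested: str, own_host: str,
                         allowed_hosts: frozenset) -> Optional[str]:
    """Hardened check: accept only site-relative paths or http(s) URLs on the
    own host / an assumed site-maintained allowlist; refuse everything else."""
    parsed = urlparse(requested)
    if parsed.scheme == "" and parsed.netloc == "":
        # Browsers treat "/\\host" like "//host", so reject both prefixes.
        if requested.startswith("/") and not requested.startswith(("//", "/\\")):
            return requested
        return None
    if parsed.scheme in ("http", "https") and parsed.hostname in (allowed_hosts | {own_host}):
        return requested
    return None


# Constructed sample input: two endpoints quoted in the thread, re-fanged.
SAMPLE = ["https://lidovky.cz/_servix/recombee/collector.aspx?url=https://sijisu.eu",
          "https://idnes.cz/_servix/recombee/collector.aspx?url=/zpravy/1"]

if __name__ == "__main__":
    for u in SAMPLE:
        print("OPEN REDIRECT" if is_open_redirect(u) else "same-site", u)
```

The host comparison is a plain suffix match on the endpoint's hostname, so an endpoint on `www.example.cz` would flag `example.cz` itself; compare registrable domains instead if that matters for your site.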

Why do all these daemon system messages always sound so sad? It's just an email, it's not that bad, qmail-send. You will get over it, it's okay to give up sometimes.

RT @seldo@twitter.com

Twitter pinned the credentials for their super-user admin tool to a Slack channel?!?!?!? nytimes.com/2020/07/17/technol

πŸ¦πŸ”—: twitter.com/seldo/status/12843

Warning: you are about to enter about:internet, this could be a security risk!

But no worries... I have the Enhanced Security Configuration enabled...
