I’m harvesting credit card numbers and passwords from your site. Here’s how.


293 bookmarks. First posted by qriz january 1970.


The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new vulnerability.
5 weeks ago by gzhihao
😱 Read this blog post:

🙏 Now you know why you need this package in your app…
from twitter_favs
5 weeks ago by nigeljames
If an attacker successfully injects any code at all, it’s pretty much game over

Also the URL looks a lot like the 300 other requests to ad networks your site makes.

The point is, just because you don’t see it, doesn’t mean it’s not happening. It’s been more than two years and as far as I know, no one has ever noticed one of my requests. Maybe it’s been in your site this whole time :)

I only send these requests intermittently (about one in seven times, lightly randomised — the ideal trouble-shooting-insanity-inducing frequency).
cybersecurity  javascript  obfuscation  password  creditcard  fear  story  browser  plugin  malvertising 
6 weeks ago by bwiese
NPM as attack vector:
from twitter
12 weeks ago by brookr
Great article, man.

var i = 'gfudi';
var k = s => s.split('').map(c => String.fromCharCode(c.charCodeAt() - 1)).join('');
Security  hacking  Javascript  Interview 
12 weeks ago by hackerzhut
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new…
march 2018 by nununo
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new…
security  javascript  webdev  hacks 
march 2018 by lucapostBo
RT : It's probably only a matter of time if it's not happening already.
from twitter_favs
february 2018 by bf4
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all.
Web_Security  Security  Computer_Security 
february 2018 by GameGamer43
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new…
maninthemiddle  security  data  harvesting  prevention 
february 2018 by gilberto5757
Lucky for me, we live in an age where people install npm packages like they’re popping pain killers.
security  javascript  node.js 
february 2018 by jbrewer999
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new vulnerability. via Pocket
IFTTT  Pocket 
february 2018 by trisignia
This has been making the rounds but you should read it and then weep in a corner with the mess we've made.
from twitter_favs
january 2018 by pixelnated
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new…
security  javascript  web 
january 2018 by dstelow
A modern-day "on trusting trust".
javascript  security  npm  web 
january 2018 by dagh
The following is a true story. Or maybe it’s just based on a true story. Perhaps it’s not true at all. It’s been a frantic week of security scares — it seems like every day there’s a new vulnerability.
january 2018 by pitiphong_p
Weak web technologies
security  javascript  web  npm  csp  package  hack  via:popular 
january 2018 by rauschen
wow, how easy is it to steal credit card info
encryption  contenSecurityPolicy  hacking  npmHacks 
january 2018 by ElliotPsyIT
"If an attacker successfully injects any code at all, it’s pretty much game over"

very entertaining read; hilariously scary!
xss  hack  npm 
january 2018 by stijn
It's still far too easy to be insecure. Especially node. Thinking about build your own vs using plugins.
hacking  web  javascript  node 
january 2018 by traggett
Ah, folks? About this thing…
security  from twitter
january 2018 by ZacharyAKlein
Recommended reading on @Medium
from instapaper
january 2018 by arakno
Lucky for me, we live in an age where people install npm packages like they’re popping pain killers.
javascript  security  web 
january 2018 by whip_lash