Social engineering attack using simple HTML <img> tags. Is it possible?

Let’s say the user is visiting sensitive.com and uploads some sensitive image sensitive.com/private.png. This image can be read with a GET request but requires authentication via a session cookie.
Now, the user visits another site evil.com…

With private access tokens, how will the attester and issuer be able to charge origins for using their service? [closed]

With CAPTCHAs, the service provider (e.g. Google) will be able to charge site owners by number of requests because they have to ask Google whether a given token is signed.
However, as my understanding goes, with private access tokens, ther…