Collaborate Disseminate
Usually once you register in a website you need to visit a url like:
https://example.com/user_activate/^random_string^
Does the ^random_string^ necessarily need to be cryptographically pseudorandom instead of a time-based random one?
I mea… Continue reading Is it necessary to use cryptographically-secure randomness in order to create URLs for user activation?
Usually once you register in a website you need to visit a url like:
https://example.com/user_activate/^random_string^
Does the ^random_string^ necessarily need to be cryptographically pseudorandom instead of a time-based random one?
I mea… Continue reading Is it necessary to use cryptographically-secure randomness in order to create URLs for user activation?
Is it possible that clicking a link would hack a device?
For example:
injecting a malicious code into the device directly from the link’s host website
connecting to the device remotely in a way through its internet connection
And how to … Continue reading What ways a website could hack a device? [duplicate]
I was learning to use wireshark when I noticed that opening a reddit url (reddit.com/r/privacy) sent a GET request for r/privacy over HTTP. Is this visible to the ISP or network sniffers? I was under the impression that anything after the … Continue reading Do websites send full URL over HTTP instead of HTTPS if there’s an HTTPS connection?
Question: It appears that somebody can intercept and read emails that I send from my server, although
I have set up 2-Factor authentification for sudo-access
I log all logins on my server (Did not notice anything suspicious)
Emails sent f… Continue reading How are validation links getting triggered by a third party?
One big threat out there is typosquat domains. For example instead of:
steamcommunity.com some malicious actor will register the domain stearncornmunity.com and set up his fake steam login.
Why do companies not buy these "fake domains… Continue reading Why don’t bigger companies buy similar domains to their main domain to prevent typosquatting?
Yesterday I noted in my router logs that my wife’s laptop accessed crl.comodoca.com. She was not using the machine at the time. A quick google search found three sites claiming this was an indication of a trojan, but all of them recommen… Continue reading crl.comodoca.com is a legit crl site, how can I determine it’s legitimacy when bad actors are attempting to abuse uncertainty about the site
There are a lot of different URL shorteners out there, like Bitly or TinyURL. Besides their main purpose of shortening a link, they also:
obfuscate the actual URL
collect statistics about the usage of the short link
From the obfuscation,… Continue reading Can I safely preview a short link?
I recently clicked on a malicious link on Reddit When I was directed to the link, it asked me to do a couple of captchas. I did them and then was redirected back to Reddit. Then he said he could see my handset brand and that I was changing… Continue reading Can someone know my browser and headset model via browsing a link?
I send email invitations to people and each invitee gets a unique link where they can click on a button to leave a response. The data is not very secret, the worst thing that can happen is that someone leaves a response for someone else, b… Continue reading Is UUID enough to secure public links? [duplicate]