Collaborate Disseminate
Currently, I develop a frontend for a simple REST API. I use Angular 18 with its material components and Transloco for localization.
A friend sent me a screenshot today, where a menu item with a localization key like "common.add"… Continue reading Website shows unexpected message instead of localised text [closed]
I know that sites can share some information between each other by sharing cookies amongst themselves. They have to be in some kind of agreement with each other I assume? Or can any random site read all the cookies that are currently saved… Continue reading of the cookies created by OTHER websites, which ones would the browser allow a website to access?
I was using yt-dlp to download YouTube videos. It has an option to obtain cookies directly from the browser, probably all of them.
Do the browsers store the cookies with any encryption?
If so, how does the program get the cookies?
If not, … Continue reading Are cookies stored with encryption and and how do browsers protect them?
We are currently implementing envelope encryption to securely encrypt sensitive data(name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to implement browser-side caching to redu… Continue reading Browser- side caching of encrypted sensitive informations in sessionStorage?
I have a web page with a Cross-Origin-Embedder-Policy: require-corp header. When I include an cross-origin image without CORP or CORS headers in the response, I expect the image to be blocked, because of the Cross-Origin-Embedder-Policy. H… Continue reading Image loaded despite Cross-Origin-Embedder-Policy: require-corp
Normal ‘deleting’ of data and actually randomly overwriting it are very different in terms of security. So, just deleting passwords is not considered secure, because they can be recovered.
And although nearly all browsers encrypt their sav… Continue reading Are the encrypted browser-saved passwords randomly overwritten when deleted?
This is a follow-up to a question regarding recent Internet Archive hacking.
Website web.archive.org was restored in a readonly mode but is it safe to use it? Looking at the brief disclosure of the attack, in addition to DDoS, which is jus… Continue reading Is it safe to use Internet Archive following its cyber-attack?
I remember back in the good old days of ActiveX visiting a malicious site could spell disaster for the user. But from my understanding, browsers today are usually sandboxed so how vulnerable are users to malicious websites?
I am not talkin… Continue reading How prevelant are browser based attacks nowdays?
What’s the reason why an attacker should choose to perform a clickjacking attack?
If they create a malicious website, they could just perform the action automatically, they don’t need to "trick" the user to click on the hidden if… Continue reading Why should an attacker perform a clickjacking attack when they can simulate the click with JavaScript?
Context: I received an email claiming an order has been shipped for a service that I am subscribed to but did not believe was due for renewal. I panicked and clicked to preview the attached invoice pdf (I previewed it using GMail’s viewer,… Continue reading Do I need to worry about infection from a .PDF from an untrusted sender previewed within GMail?