Browser-side caching of encrypted sensitive information in sessionStorage?

We are currently implementing envelope encryption to securely encrypt sensitive data (name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about implementing browser-side caching to redu…

Are the encrypted browser-saved passwords randomly overwritten when deleted?

Normal ‘deleting’ of data and actually randomly overwriting it are very different in terms of security. So, just deleting passwords is not considered secure, because they can be recovered.
And although nearly all browsers encrypt their sav…

Why should an attacker perform a clickjacking attack when they can simulate the click with JavaScript?

What’s the reason why an attacker should choose to perform a clickjacking attack?
If they create a malicious website, they could just perform the action automatically, they don’t need to "trick" the user to click on the hidden if…

Do I need to worry about infection from a .PDF from an untrusted sender previewed within GMail?

Context: I received an email claiming an order has been shipped for a service that I am subscribed to but did not believe was due for renewal. I panicked and clicked to preview the attached invoice pdf (I previewed it using GMail’s viewer,…

NoScript: Where in the browser’s ‘inspector’ can I correlate a script source site with specific page functionality

NOT a duplicate of: NoScript: How to determine which sites/scripts to whitelist?
The above referenced question and its answers focused on how to "gauge the trust" of the various sites that provide scripts. This is hugely valuab…