Does not storing passwords in browser really matter given cookie hijacking exists?

I see lots of articles suggesting not storing passwords in the browser, and it made perfect sense to me: if I can access this data easily, an attacker probably can too.
But then I found out about cookie hijacking, and it seems to me that i…

In the modern context, what max harm can a webpage do, if the creator is malignant? [duplicate]

Note: this does not answer my question as it mentions Java/Flash (not in the modern context. The question is from like 10 years ago so probably outdated), and mentions weakness introduced by the user (whereas I’m asking exploits that can be …

Methods to look for when checking if a JavaScript program is making network requests

I’m trying to quickly audit a JS browser extension to see if it doesn’t talk to the outside. Am I right in thinking that I can just grep the code for the following:

XMLHttpRequest
fetch
$.ajax
axios.get
WebSocket

I’m assuming un-obfuscat…

How safe is it to view a PDF file in the browser without downloading the file to the PC?

When I view the PDF file in a browser such as Firefox without downloading the file to my PC, does Firefox temporarily store the PDF file on my PC?
I heard that Firefox has been heavily sandboxed and there is no need to worry about maliciou…

How to properly migrate authentication cookies to using a new encryption scheme on a website while being backwards compatible?

When a user logs in with their email/password combo and gets authenticated to our website, the backend sends the web browser an encrypted cookie based off of their memberId with us. While this encrypted cookie has not expired, the web bro…