Oh this ,… is the closest I’ve ever come to falling for a Gmail phishing attack.“, shows a realclever attack. An embedded fakeattachmentimage sends you to a data:text/html address. The first part of it then isa plausible-looking Google URL. And only after lots of spaces, it actually loads the phishing site in an iframe. A lot to watch out for in 2017. Including this:
A short story about how encryption can go very wrong with a (Ruby) workflow we’re all guilty of using.Automatic security update checks in the new Phusion Passenger
The ongoing Content-Security-Policy journey at Github.This time focusing on images and dangling markup. That’s when an attacker injects an <img> tag without closing it to extract the HTML of the rest of the page.
A new two-factor authentication lockout recovery process at Github: Using Facebook The HTTPS-traffic via Firefox is now over 50% for the first time There are now Not Secure“ warnings for insecure pages with password and credit card input fields in Chrome and Firefox 51. Mozilla’s coding and security checklist for their services Ransom attacks turn to web apps, check your MongoDB, Elasticsearch, Redis, Cassandra, Hadoop