Aaron Parecki (aaronparecki.com)This article was originally posted on the GoDaddy blog. https://aaronparecki.com/2018/04/20/46/indieweb-reader.jpg I have a new home on the internet. I don’t visit the Twitter home timeline or the Facebook news feed anymore. I don’t open the Instagram app except when I post a photo. I still have...
I feel like a child in a candystore 😀
Still working on understanding the kinks of microformats2 and webmentions but I’m starting to get the hang of this.
Most of this is supported by the amazing IndieWeb plugin collection for WordPress so much respect for people that roll their own.
Beko Pharm (beko.famkos.net)Didn’t expect this to get so many Likes on TW 😮
A previous article discussed password management tools that use server-side technology. These tools are very interesting and suitable for a cloud installation.In this article we will talk about KeePassXC, a simple multi-platform open source software that uses a local file as a database.The main advantage of this type of password management is simplicity. No server-side …
I like how this article about KeePassXC mentions the SSH agent integration [that is usually skipped in such articles]. Good stuff:
https://fedoramagazine.org/managing-credentials-with-keepassxc/
Today I run into domain abuse while working on a WordPress project due to a typo in the TLD. A foreign server happily served me the requested files but with spiced content. This looked unsuspicious at first glance.
Now this is something that doesn’t happen every day [to me]. I haven’t touched PHP and WordPress in years so I don’t have a workflow established for this any more. Today I got the job to upgrade some legacy system. So I checked out the project from git, configured some dnsmasq magic and launched a local PHP development server and browser.
I was astonished when the project came up in the zero profile development chrome and the first link I clicked opened a new tab presenting me with some scam ringing all alarm bells. I’m on localhost! And Linux! What happened? Do we have an infected project in our git repository? So I started digging.
Wait, this doesn’t look right. Looks like I made a typo replacing the WordPress WP_HOME and WP_SITEURL in our local wp-config and got a doubled dot de. That’s not going to localhost but it’s still loading JavaScript files. No file came back with 404 – Not Found error so at first glance nothing suspicous happened beside the CSS looking weird. Most files were empty but with some exception – as you can see.
So I run that IP against the IP Abuse DB and it checked out with various reports including a “took over my blog” report. Yeah, I guess that happens when you’re going to login to your blog. This IP ships any file you request back to you but with it’s own flavoured JavaScript. That’s what happens when you do a typo and someone else is just waiting for this. And it happened to my dev setup since I made a search and replace without enough caffeine in my blood to spot the typo and without bothering to set up SSL and CORS for developing.
So yeah.. you can throw any domain at this. It will happily serve malware, or spam or whatever it’s up to today. It’s just waiting for a typing error.
There’s a lesson here. Watch careful what domain you really use. Don’t be lazy and make use of SSL/CORS even in development. I can’t help me from having some respect for this idea and there are probably others doing the same.
Local police “warns” people from callers claiming to be with Microsoft to “hack” into computers and blackmail their victims later to regain access.
What year is it again?
Good thing there are people like Lewis’s Tech keeping scammers occupied for fun and entertainment.
Had a relaxing 1st May with the family. Coffee, cake, beers and talks about a diy geigercounter. Sometimes I wonder how non nerd families manage.
Marc Di Luzio (Medium)…and then Valve dropped their Proton bomb
Did you know that you can play hundreds of games nowadays? Not just Windows through Proton – no. I’m talking about native games.
https://medium.com/@mdiluz/so-i-was-making-a-montage-full-of-native-linux-games-92ce12b21631
https://www.youtube.com/watch?v=3U8bLArlRXw
Disclaimer: Many of the snippets were contributed by me. @mdiluz did the fantastic job of wrapping everything up.
Participated at the workshop Vehicle Spy with Intrepid by the Automotive Security Research Group at Shackspace (Stuttgart) and really liked it (despite me looking asleep all the time due to critical caffeine levels).
TIL: Don’t attack the crypto. Attack the implementation.
Today I found out about Franz and I’m in love. I know it’s “just” wrapping some browser tabs but this is exactly what I needed so sort all my messengers:
