security

Link to a github repo with a ?ref= parameter, such as https://github.com/teslamotors/ruby-smpp?ref=elon%20musk%20fucking%20sucks. The ref doesn’t need to be a valid reference in the repo (or any fork), it’s completely freetext. Then post that link somewhere on telegram. Then, anyone who posts that repo will get the ?ref parameter in the embed.

Hi! I wrote some Excellent Javascript that lets you change an image based on the funny little characters you type in the box at the bottom. I’ve vaguely heard of XSS, so I know that I should escape the characters, so I copied the escaping rules from Tera.

Namely, replacing &, <, >, ", \``, and /` with their associated HTML entities.

Your task is to call submitFlag with the string value <>. If you succeed, I will alert a fun message for you :)

I was looking at a tool to send matrix messages from the CLI, and it got me thinking about how we handle authentication for tools like this. I don’t want to give everything my password, especially if it doesn’t need permissions to do literally everything that I can do.

First off, does this matter to you? No. No it doesn’t. Unless you’re backing up gigabytes of completely attacker controlled data, to an attacker controlled service, and need to ensure they don’t know you’re backing up said data, it Doesn’t Fucking Matter.

With that said, it’s a somewhat neat attack!

A watermarking attack is when an attacker who can get you to store an attacker-controlled piece of data can then detect the presence of that attacker controlled data. It’s not a huge deal, but is a concern if someone is able to inject a watermark into, say, copywritten or leaked content, and then automatically terminate the cloud storage/backup accounts of users that can be shown to have that data on their drive.