Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 17 Nov 2019, 22:27
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Cross-site scripting attacks
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [2 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 2051
Location: Canada

PostPosted: Tue 04 Dec 2018, 08:06    Post subject:  Cross-site scripting attacks
Subject description: and other kind of cyber attacks
 

Even the most trustworthy-looking website could trick you into giving up personal details through cross-site scripting.

Cross-site scripting is what happens when an attacker takes advantage of a vulnerability in a webpage to inject their own code. That code can steal user information such as credentials, session cookies, and other sensitive data, and can even live persistently on a site to attack multiple users.

XSS attacks are capable of stealing sensitive data from users. One of the most sensitive XSS targets are session cookies, which verify a user's identity on a website to allow the person to stay logged in while visiting multiple pages on a domain.

If an XSS attacker manages to steal a session cookie, they can duplicate the user's active session, giving them access to anything the user is able to do on a website—make social media posts, edit personal/account information, change passwords, steal credit card information, make bank transfers, buy products from an ecommerce site, and more.


XSS is primarily a problem for developers whose sites are exploited to pass cross-site scripts off to users. There isn't a lot that end users can do to protect themselves against XSS attacks since those vulnerabilities rely on weak website code to operate.

That doesn't mean you're out of luck when it comes to XSS attack prevention, though—it just means your options are limited.


NoScript, an addon for Firefox, and ScriptSafe, an addon for Chrome. These add-ons completely block scripts from running unless you manually allow them; this should prevent XSS attacks from being able to execute.

Further reading :
Brute force and dictionary attacks
https://www.techrepublic.com/article/brute-force-and-dictionary-attacks-a-cheat-sheet/
5 most overlooked security threats
https://technofaq.org/?p=24894

Last edited by labbe5 on Thu 10 Jan 2019, 10:46; edited 1 time in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 2051
Location: Canada

PostPosted: Wed 19 Dec 2018, 07:58    Post subject: Extortion Email Threatens to Send a Hitman  

https://www.bleepingcomputer.com/news/security/new-extortion-email-threatens-to-send-a-hitman-unless-you-pay-4k/

Extortion emails are getting wilder and wilder. First we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worlwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin.

These emails started appearing this week and have a subject line similar to "Pretty significant material for you right here 17.12.2018 08:33:00". The content of the emails are written in poor English and grammar and state that the sender is the owner of a Dark Web site that offers different kinds of services for a fee.

The email goes on to say that someone came to the site to hire a hitman to target the recipient for an "instant and pain-free" execution. The owner of the site, though, is willing to call the hitman off if they receive $4,000 in bitcoin. As an extra bonus, they will also "remove the hitman".
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [2 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0283s ][ Queries: 11 (0.0050s) ][ GZIP on ]