/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

pentesterlab.com
| | myers.io
4.7 parsecs away

Travel
| | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong.
| | honeypot.net
5.5 parsecs away

Travel
| | I received an email from Slack on Thursday, 2022-08-04: We're writing to let you know about a bug we recently discovered and fixed in Slack's Shared Invite Link functionality. This feature allows users with the proper permissions to create a link that will allow anyone to join your Slack workspace; it is an alternative to inviting people one-by-one via email to become workspace members. You are receiving this email because one or more members of your workspace created and/or revoked one of these links fo...
| | pboyd.io
5.1 parsecs away

Travel
| | Here's a fun list to look through: Dumb Password Rules. Most of the rules seem arbitrary, like only allowing digits, but some hint at deeper problems. For instance, preventing single-quotes. They aren't inserting passwords into a database without a SQL placeholder, right? Nearly every site on that list has a needlessly short maximum password size. If they're storing passwords correctly, there's no need for this. This post will go through a few bad ways to store a password and you can see what I mean....
| | blog.andlabs.org
12.7 parsecs away

Travel
| Password cracking and JavaScript are very rarely mentioned in the same sentence. JavaScript is a bad choice for the job due to two primary r...