I'm so lazy this afternoon and quite seasonally afflicted as well as I look out at the gray sky.

Another trend I find very annoying are those links or buttons that hide the URL from the user. I'd link, but I don't know if links in forum posts are allowed and don't remember seeing any explicitly.

It is my understanding that Chrome does a better job of not trying to normalize the copy blob to Unicode. This will also strip away any formatting, including any characters hidden by HTML/CSS. It is easy to obfuscate hyperlink destinations in HTML, so if you're on a site you're unfamiliar with or don't trust, it's a good idea to copy and paste these links into Notepad or similar plain text editor using default character encoding.

They should know better, regardless of confidence level! Security pros should never paste into a terminal from an external source they don't control. I'm glad to see the simple solution appear in the article, but maybe it should be highlighted. This site is fantastic, usually among the forefront on any emerging security issue, and gets a lot of linking, but not enough engagement IMO.

In a simple proof of concept (PoC) published on his blog, Friedlander asks readers to copy a simple command that most sysadmins and developers would be familiar with:

First time poster, I think.

Worse, without the necessary due diligence, the developer may only realize their mistake after pasting the text, at which point it may be too late.

It isn't unusual for novice and skilled developers alike to copy commonly used commands from a webpage (ahem, StackOverflow) and paste them into their applications, a Windows command prompt or a Linux terminal.

But Friedlander warns a webpage could be covertly replacing the contents of what goes on your clipboard, and what actually ends up being copied to your clipboard would be vastly different from what you had intended to copy.
Recently, Gabriel Friedlander, founder of security awareness training platform Wizer, demonstrated an obvious yet surprising hack that'll make you cautious of copying-pasting commands from web pages.

Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised.

A technologist demonstrates a simple trick that'll make you think twice before copying and pasting text from web pages.