Security researcher Sabri posted a bit of code that will “force restart any iOS device.” It’s interesting to see HTML & CSS have this kind of dangerous power. It’s essentially a ton of <div>s scaled to be pretty huge …
…because third-party anything really isn’t safe. Jake Archibald:
…If you’re worried about users tricking your site into loading third party resources, you can use CSP as a safety net, to limit where images, scripts and styles can be fetched from.
I was strongly reminded about the scariness of non-secure websites the other day.
I’m using Xfinity as an internet service provider, and they give you a device that is both a cable modem and a router.
Here’s a tiny bit …
For all y’all that want to understand the potential attacks, and potential defenses, of front-end web development.
It’s pretty wild. The dangers are big, real, and many. But the tools we have to fight back are up to the job, …
Eric Lawrence has written a pretty scary post about browser security and malicious websites that hope to trick us:
…When building applications that display untrusted content, security designers have a major problem— if an attacker has full control of a
The web is full of third-party scripts. Sites use them for ads, analytics, retargeting, and more. But this isn’t always the whole story. Scripts can track your behavior, your preferences, and other information.
Here, we’re going to look at the …
I just recently took CSS-Tricks “HTTPS everywhere”. That is, every URL on this site enforces the HTTPS (SSL) protocol. Non-secure HTTP requests get redirected to HTTPS. Here are some notes on that journey.…
