McDonald's Website Flaws Allow Phishing Attacks
A researcher has disclosed a couple of unpatched vulnerabilities affecting the official McDonald’s website after the company ignored his attempts to responsibly report the issues. Dutch security enthusiast Tijme Gommers discovered a reflected cross-site scripting (XSS) vulnerability in the search functionality of the McDonald’s website.
… According to the researcher, the McDonald’s website decrypts the password client side using a cookie that is valid for an entire year. Since the same key and initialization vector are used for every customer, it’s easy to obtain a password in plain text.
An attacker can create a link that exploits the XSS vulnerability to load an external JavaScript file. Once the user clicks on the malicious mcdonalds.com link, their password is decrypted and sent to the attacker. Gommers said the vulnerabilities also expose names, addresses and other details.
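Two design mistakes are described above: a search term echoed into the page without encoding, and a password that is reversibly encrypted under a key and IV shared by every customer and then decrypted in the browser. The following is an added example (it is not code from the article or from McDonald's, and the names render_search_unsafe, render_search_safe, RememberMeStore and remember_me_cookie are this example's own) showing the hardened form of each: HTML-escaping the echoed term, and a "remember me" feature that never puts a password, encrypted or not, into the cookie at all, only an opaque random token whose hash the server keeps.

```python
"""Added example, not from the article: the two weak patterns it describes
next to their safer counterparts.

1. Reflected XSS in a search echo: interpolating the term into markup
   versus HTML-escaping it.
2. Persistent login: a cookie carrying a reversibly encrypted password
   versus an opaque random token whose hash is stored server-side.
"""
from __future__ import annotations

import hashlib
import html
import secrets


# --- 1. Reflected XSS ----------------------------------------------------------

def render_search_unsafe(term: str) -> str:
    # Weak: whatever is in the query string becomes part of the page's markup.
    return f"<p>Results for: {term}</p>"


def render_search_safe(term: str) -> str:
    # Hardened: escape &, <, >, " and ' so the term is rendered as text only.
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


# --- 2. "Remember me" without a reversible password ---------------------------

class RememberMeStore:
    """Server side of a remember-me feature (hypothetical class name).

    The browser only ever holds a random token. The server stores a hash of
    that token, so a stolen cookie reveals no password and a leaked table of
    hashes cannot be turned back into valid cookies.
    """

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}  # sha256(token) -> username

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = username
        return token

    def lookup(self, token: str) -> str | None:
        return self._tokens.get(self._digest(token))

    def revoke(self, token: str) -> None:
        # Logging out, or a password change, invalidates the token server-side;
        # a reversibly encrypted password cannot be revoked this way.
        self._tokens.pop(self._digest(token), None)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()


def remember_me_cookie(token: str, max_age_days: int = 30) -> str:
    """Set-Cookie header for the token. HttpOnly keeps script, including
    script injected through an XSS bug, from reading it; Secure and SameSite
    limit where it is sent; a bounded Max-Age replaces the year-long lifetime
    the article describes (the 30-day default is this example's choice)."""
    return (f"remember_me={token}; Max-Age={max_age_days * 86400}; Path=/; "
            "Secure; HttpOnly; SameSite=Strict")


if __name__ == "__main__":
    # Constructed input: a search term carrying markup.
    term = '<img src=x onerror="alert(1)">'
    print(render_search_unsafe(term))  # markup reaches the browser as markup
    print(render_search_safe(term))    # markup reaches the browser as text

    store = RememberMeStore()
    token = store.issue("alice")
    print(remember_me_cookie(token))
    print(store.lookup(token), store.lookup("not-a-real-token"))
```

The point of the second half is that a "remember me" cookie does not need to contain the password in any form: a random token bound to the account on the server gives the same convenience, can be revoked, and yields nothing if the cookie is read by injected script or taken from a device.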
For my Computer Security students. Does this become a Best Practice by default?
Google reveals its servers all contain custom security silicon
Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services.
Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the revelation that “we also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.”
For my Computer Forensics students, and this is probably useful for researchers in general.
You might have heard about The Internet Archive. It’s that dusty place on the web for all digital artifacts. It’s not a tomb, but a cache of knowledge that makes up our digital experience. Its web crawlers collect data from all corners of the web to build an historical collection that we can browse for free anytime. If you think that’s a usable bit of work, then you will like what the Wayback Machine Chrome extension can do.
The Wayback Machine Chrome extension detects dead web pages and gives you the option to view an archived version of the page.
(Related).
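The extension's two steps, notice that a page is dead and then look up an archived copy, can also be scripted, which is what a forensics student usually wants when checking many URLs. The following is an added example and not the extension's code; it queries the Internet Archive's public Availability API (https://archive.org/wayback/available), and the function names, the set of "dead" HTTP statuses and the sample responses are this example's own constructions.

```python
"""Added example, not the Wayback Machine extension's code: given a URL that
came back with an error, ask the Internet Archive's Availability API whether
a snapshot exists and where it is. A fetcher callable is injected so the
parsing logic can be run offline against constructed responses."""
from __future__ import annotations

import json
import urllib.parse
import urllib.request
from datetime import datetime
from typing import Callable, Optional

# Public endpoint of the Internet Archive's Availability API.
AVAILABILITY_API = "https://archive.org/wayback/available"

# HTTP statuses on which "offer an archived copy" fires. This set is the
# example's assumption, not the extension's actual list.
DEAD_PAGE_STATUSES = {404, 410, 500, 502, 503}


def is_dead_page(status_code: int) -> bool:
    return status_code in DEAD_PAGE_STATUSES


def availability_url(page_url: str, timestamp: Optional[str] = None) -> str:
    """Build the API query. `timestamp` is YYYYMMDD[hhmmss]; the API answers
    with the snapshot closest to it (the most recent one when omitted)."""
    params = {"url": page_url}
    if timestamp:
        params["timestamp"] = timestamp
    return AVAILABILITY_API + "?" + urllib.parse.urlencode(params)


def http_fetch(url: str) -> str:
    """Real network fetch, used when no fetcher is injected."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def closest_snapshot(page_url: str, timestamp: Optional[str] = None,
                     fetch: Callable[[str], str] = http_fetch) -> Optional[dict]:
    """Return {'url', 'status', 'captured'} for the closest available
    snapshot, or None when the Archive holds nothing for that URL."""
    data = json.loads(fetch(availability_url(page_url, timestamp)))
    closest = data.get("archived_snapshots", {}).get("closest")
    if not closest or not closest.get("available"):
        return None
    captured = datetime.strptime(closest["timestamp"], "%Y%m%d%H%M%S")
    return {
        "url": closest["url"],        # the web.archive.org copy to open
        "status": closest["status"],  # HTTP status the crawler saw at capture time
        "captured": captured.isoformat(),
    }


# Constructed responses in the API's documented shape (not real lookups).
SAMPLE_HIT = json.dumps({
    "url": "example.com",
    "archived_snapshots": {
        "closest": {
            "status": "200",
            "available": True,
            "url": "http://web.archive.org/web/20060101064348/http://www.example.com:80/",
            "timestamp": "20060101064348",
        }
    },
})
SAMPLE_MISS = json.dumps({"url": "nothing-here.example", "archived_snapshots": {}})


def offline_fetch(url: str) -> str:
    """Stand-in for http_fetch that answers from the constructed samples."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_HIT if qs["url"][0] == "example.com" else SAMPLE_MISS


if __name__ == "__main__":
    # Constructed scenario: the live page answered 404, so look for a copy
    # from around 1 January 2006.
    if is_dead_page(404):
        hit = closest_snapshot("example.com", "20060101", fetch=offline_fetch)
        print("archived copy:", hit["url"] if hit else "none")
```

Passing `fetch=http_fetch` (the default) performs the live lookup; the `captured` field is what to record in notes, since the archived copy reflects the page at that moment and not at the time of the investigation.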
No matter how few numbers reside in your head, hopefully you know your own phone number! However, there may be times when you need to look up the number of the phone you’re using. Perhaps you had a brief bout of amnesia or are trying to return a lost phone.
Continuing a discussion with my students about the difference between ‘profitable’ and ‘successful’ (and between ‘revenue’ and ‘profit’!).
Investors Try to Tap Into the Next Craigslist, Regardless of Earnings
In the race to find and fund the next Craigslist, venture investors aren’t letting a lack of revenue stand in the way. The two leading contenders offering app-based classified listings have raised some $300 million in the past six months, despite generating virtually zero revenue.
For my student researchers. What’s on your RSS feed?
For my gamers. Do you want to play or get rich? (Not bad for half a year.)
Pokémon Go generated revenues of $950 million in 2016
Pokémon Go generated an estimated $950 million in revenues in 2016, according to a report by market researcher App Annie.
Niantic Labs launched Pokémon Go on July 6, 2016, and it became a smash hit. Within a couple of months, Niantic announced that it had been downloaded more than 500 million times.
With the Trump Circus replacing P.T. Barnum’s, this seemed appropriate. (Do you see some anti-Trumpisms in them?)
10 Memorable Quotes From the 'World's Greatest Showman' P.T. Barnum