@baloo Fair point. Sure wish the click-tracking frameworks all had an easy "BYO subdomain" feature so that small shops could easily make in-domain redirects easy.
Posts
-
Odd that Gmail doesn't have a "warn when link text uses a domain that doesn't match the link" feature. This seems trivial to implement?
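A sketch of the check the post above describes, added here as an example (not code from the poster or from Gmail). The names `LinkAuditor`, `same_site` and `find_mismatches` and the sample HTML are constructed, and the host comparison assumes a plain subdomain match rather than a public-suffix list; the second sample link shows that a click-tracking redirect is flagged as well.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a hostname or URL.
DOMAIN_RE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#].*)?$", re.I)

def same_site(a, b):
    # Assumption: equal hosts, or one is a subdomain of the other.
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None        # href of the <a> currently open, if any
        self.text = []          # visible text collected inside it
        self.mismatches = []    # (shown text, actual target host)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        m = DOMAIN_RE.match(shown)
        target = urlsplit(self.href).hostname   # None for relative links
        # Only text that names a domain can contradict the real target.
        if m and target and not same_site(m.group(1), target):
            self.mismatches.append((shown, target))
        self.href = None

def find_mismatches(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample: a match, a tracker redirect, plain text, a subdomain.
SAMPLE = ('<a href="https://example.com/a">example.com</a> '
          '<a href="https://click.tracker.example/r?u=1">www.example.org</a> '
          '<a href="https://mail.example.net/x">Sign in</a> '
          '<a href="https://login.example.net/">example.net</a>')
```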
-
Why wasn't today's YubiKey vuln announcement actually driven as an Infineon vulnerability, with Infineon themselves pre-coordinating the list of which implementations are vulnerable?
-
Is there a cloud "throw money at the problem" service that cracks md5crypt passwords with GPUs?
@xabean What's in the other /etc/shadow?
-
Is there a cloud "throw money at the problem" service that cracks md5crypt passwords with GPUs?
@xabean No immediate hits - permuted case and leet for both 'Yealink' and 'YealinkPhone', and appended and prepended all sorts of stuff (all possible 4-char suffixes, etc.) ... nothing so far
-
Is there a cloud "throw money at the problem" service that cracks md5crypt passwords with GPUs?
@xabean Depending on sensitivity, Hashes.com has a bounty / escrow system (free). Or you could upload it as a 'user list' to HashMob. Or you could let me take a ... crack at it (2x 4090s).
Edit: a third option, if you know hashcat and Docker, is to just rent a chunk of GPUs through vast.ai or similar.
-
Some of you have seen this before, but it's been updated with a more efficient encoding and new bonus features - run one of the following commands at a terminal (will not work if run through screen):
@ryanc If I have, I've totally spaced it and it will be as fun as the first time? Link me!
-
Some of you have seen this before, but it's been updated with a more efficient encoding and new bonus features - run one of the following commands at a terminal (will not work if run through screen):
@ryanc Looks great! Subtitles are a nice touch!
-
I know this dates me, but ...
@ryanc Yeah, definitely pro TSV! When I say CSV out loud, I actually mean TSV in my head. I need to watch that ...
I'll also have to dig up the post where I grieve for the alternate future where we actually used the actual dedicated field and record separator characters built into ASCII. So much avoidable pain.
-
I know this dates me, but ... 80% of the problems I'm solving with jq are caused by using JSON at all ... when a simpler format would have been fine.
Repeating every verbose field name in each record, when the schema is flat, is often premature "schema might need to be variable someday" optimization.
When the Rapid7 DNS data was freely available, it was distributed as a one-line-per-stanza JSON file. The first thing I'd do after downloading it was convert it to CSV ... which cut its size by 60%.
It's like buying a ten-pound box of individually wrapped grains of rice.
-
Did you know that there's a thing called the "Automatic Billing Update" program (ABU), that enables merchants to get notified of your replacement payment card number before it even shows up in your mailbox?
https://globalnews.ca/news/9763295/little-known-credit-card-program-companies-information/
Yep, you can guess what the bad guys are doing. They're registering as a merchant and then involuntarily signing people up for nonexistent "subscriptions" ... that their support path mysteriously refuses to let you unsubscribe from:
https://malwaretips.com/blogs/vigor-vita-cbd-gummies/
But if you naively report these to your issuer as simply 'fraud', they will just ... issue you a new card. And then the "subscription" will be charged again.
Many issuer support teams seem to be totally unaware of this fraud type. You have to explicitly tell them it's a subscription scam, and ask them to block that merchant from using ABU to get your new card number. (That card is lost, but at least the evil merchant won't get the next one).
(I found this out the hard way, helping some elderly friends, whose cards kept getting mysteriously "compromised". When I realized that an unexpected charge happened before they had even received the new card ... I knew it wasn't just ordinary skimming or phishing.)
tl;dr When you detect unauthorized charges, ask your issuer to check for ABU and block the entire merchant. Otherwise, you'll be caught in an unending cycle of useless reissuance!