Just Fucking Use Cloudflare – A satirical guide to the CF stack
https://justfuckingusecloudflare.com
#HackerNews #JustFuckingUseCloudflare #CloudflareGuide #Satire #TechStack #WebSecurity
CSRF protection without tokens or hidden form fields
https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields
#HackerNews #CSRFProtection #WebSecurity #Programming #BestPractices #TechBlog
Lambert Heller
and 1 other
boosted
Top 10 Browser Fingerprint Test Tools in 2025
A browser fingerprint is the unique set of data your browser and device reveal #online, such as system info, fonts, screen size, and #IPaddress. Detecting your #browser fingerprint matters because it helps protect #privacy, maintain #anonymity, and manage multiple #account's securely. In this article, there review the top 10 browser #fingerprint test tools in 2025, comparing their features and use cases.
https://blog.browserscan.net/docs/top-10-browser-fingerprint-test-tools
Upcoming Changes to Let's Encrypt Certificates
https://community.letsencrypt.org/t/upcoming-changes-to-let-s-encrypt-certificates/243873
#HackerNews #Upcoming #Changes #to #Encrypt #Certificates #Changes #SSL #Certificates #Cybersecurity #WebSecurity
Denial of service and source code exposure in React Server Components
#HackerNews #DenialOfService #SourceCodeExposure #ReactServerComponents #WebSecurity #SoftwareDevelopment
Top 10 Browser Fingerprint Test Tools in 2025
A browser fingerprint is the unique set of data your browser and device reveal #online, such as system info, fonts, screen size, and #IPaddress. Detecting your #browser fingerprint matters because it helps protect #privacy, maintain #anonymity, and manage multiple #account's securely. In this article, there review the top 10 browser #fingerprint test tools in 2025, comparing their features and use cases.
https://blog.browserscan.net/docs/top-10-browser-fingerprint-test-tools
Trick users and bypass warnings – Modern SVG Clickjacking attacks
https://lyra.horse/blog/2025/12/svg-clickjacking/
#HackerNews #SVG #Clickjacking #Clickjacking #Cybersecurity #WebSecurity #ModernThreats
Explore what the browser exposes about you
https://neberej.github.io/exposedbydefault/
#HackerNews #Explore #Browser #Privacy #WebSecurity #DigitalFootprint #UserData #Transparency
Stefano Marinelli
boosted
Anyone know of a good curated list of JA3 fingerprints of known shitty bots? (Think: Alibaba, Tencent, AI slop, etc)
The only two I could find are:
f79b6bad2ad0641e1921aef10262856b
5cc600468c246704e1699c12f51eb3ab
Anyone know of a good curated list of JA3 fingerprints of known shitty bots? (Think: Alibaba, Tencent, AI slop, etc)
The only two I could find are:
f79b6bad2ad0641e1921aef10262856b
5cc600468c246704e1699c12f51eb3ab
Blocking LLM crawlers without JavaScript
https://www.owl.is/blogg/blocking-crawlers-without-javascript/
#HackerNews #BlockingLLMcrawlers #JavaScript #CrawlerProtection #WebSecurity #TechNews #OWLBlog
Firefox Expands Fingerprint Protections
https://blog.mozilla.org/en/firefox/fingerprinting-protections/
#HackerNews #Firefox #Fingerprint #Protections #Privacy #WebSecurity #Mozilla
Jan :rust: :ferris:
and 1 other
boosted
We're creating a new series of articles about Authentication.
Our first new guide is about classic passwords -- the original method to authenticate and still the most common on the web. A refresher about password attacks, defenses and best practices:
https://developer.mozilla.org/en-US/docs/Web/Security/Authentication/Passwords
Thank you @chrisdavidmills for your review and feedback on this one!
We're creating a new series of articles about Authentication.
Our first new guide is about classic passwords -- the original method to authenticate and still the most common on the web. A refresher about password attacks, defenses and best practices:
https://developer.mozilla.org/en-US/docs/Web/Security/Authentication/Passwords
Thank you @chrisdavidmills for your review and feedback on this one!
alcinnz
boosted
Brash: Chromium Browser DoS Attack via document.title Exploitation
Brash is a critical vulnerability in Blink, the rendering engine that powers Google's Chromium-based browsers. It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #itsecurity #browser #google
Brash: Chromium Browser DoS Attack via document.title Exploitation
Brash is a critical vulnerability in Blink, the rendering engine that powers Google's Chromium-based browsers. It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #itsecurity #browser #google
»Crash, Boom, Bang—Offene Sicherheitslücke lässt fast alle aktuellen Browser abstürzen:
Das Problem betrifft sämtliche Chromium-basierten Browser und zeigt damit, wie weit die Monokultur in diesem Bereich vorangeschritten ist«
Vorher hatte ich oben den original Link getootet. Hier noch ein deutscher Artikel erklärend darüber.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #browser #google #chrome
Brash: Chromium Browser DoS Attack via document.title Exploitation
Brash is a critical vulnerability in Blink, the rendering engine that powers Google's Chromium-based browsers. It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed.
#chromium #webbrowser #dosattack #blink #attack #dos #websecurity #brash #web #poc #documenttitle #websecurity #itsec #itsecurity #browser #google
Daniel Appelquist
boosted
We've written a new guide on Supply Chain Attacks:
https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/Supply_chain_attacks
Many thanks to the W3C SWAG CG and @ljharb for the reviews and feedback! #websecurity