Conversation

Notices

1. Embed this notice
   Merry Jerry 🎄🎅🕎⛄️❄️ (jerry@infosec.exchange)'s status on Monday, 11-Dec-2023 22:10:53 JST Merry Jerry 🎄🎅🕎⛄️❄️

   in reply to

   • Rairii

   @Rairii also, I’ve had perhaps a dozen people over the years see the web socket connection and interpret it as a command and control channel for ransomware

   • feld likes this.
   • Embed this notice
     Rairii (rairii@haqueers.com)'s status on Monday, 11-Dec-2023 22:10:54 JST Rairii

     in reply to

     @jerry "sees errors in their browser console and accuses me of trying to hack them"

     ...they have the browser console open and don't understand what it's for? how many times have they self-XSS'd themselves?

   • Embed this notice
     Merry Jerry 🎄🎅🕎⛄️❄️ (jerry@infosec.exchange)'s status on Monday, 11-Dec-2023 22:10:54 JST Merry Jerry 🎄🎅🕎⛄️❄️

     in reply to

     • Rairii

     @Rairii it’s often privacy or security wizards without practical experience that have every privacy and script blocking plugin known installed in their old, back level fork of chrome, convinced they understand that what they are looking at in the console.

   • Embed this notice
     Merry Jerry 🎄🎅🕎⛄️❄️ (jerry@infosec.exchange)'s status on Monday, 11-Dec-2023 22:10:56 JST Merry Jerry 🎄🎅🕎⛄️❄️

     I just saw a very old thread about the CVS pharmacy website giving an error message about using a modern browser in response to unexpected user agent strings. The consensus is that’s a bad thing. I would otherwise agree, if not for running Infosec.exchange. I sort through a significant number of issues that turn out to be incompatibilities with older browsers that don’t support certain features. As a bonus, sometimes the person experiencing the issue sees errors in their browser console and accuses me of trying to hack them. I can’t imagine a website with 1000x the visitors, as CVS likely has.