Browser Features: Find in Page

For busy web users, the humble Find-in-Page feature in the browser is one of the most important features available. While Google or Bing can get you to the page you’re looking for faster than ever before, once you get to that page, you’ve got to find the information you’re looking for1, and that’s where Find-in-PageContinue reading “Browser Features: Find in Page”

Attack Techniques: Invoice Scams

Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — we look at Invoice Scams. PayPal and other sites allow anyone (an attacker) to send anyone (their victims) an invoice containing the text of the attacker’s choosing. In this attack technique, PayPal sends you an email suggesting that the attacker alreadyContinue reading “Attack Techniques: Invoice Scams”

Attack Techniques: Trojaned Clipboard

Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in theContinue reading “Attack Techniques: Trojaned Clipboard”

Authenticode in 2024

My 2021-2024 Authenticode certificate expired yesterday, so I began the process of getting a replacement last week. As in past years, I again selected a 3 year OV certificate from DigiCert. Validation was straightforward. After placing my order, I got a request for high-resolution photos of me holding my ID (I sent my passport andContinue reading “Authenticode in 2024”