A sad part of getting older is losing friends along the way. But it’s an important reminder that every day is a gift, and no tomorrow has been promised. Last week brought the sad news that David Ross has passed away. David was a giant and a pioneer in the new field of web applicationContinue reading “Memento Mori – Farewells”
Author Archives: ericlaw
Attack Techniques: PayPal Invoice Scams
Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — we look at Invoice Scams. PayPal and other sites allow anyone (an attacker) to send anyone (their victims) an invoice containing the text of the attacker’s choosing. In this attack technique, PayPal sends you an email suggesting that the attacker alreadyContinue reading “Attack Techniques: PayPal Invoice Scams”
Attack Techniques: Trojaned Clipboard
Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in theContinue reading “Attack Techniques: Trojaned Clipboard”
Authenticode in 2024
My 2021-2024 Authenticode certificate expired yesterday, so I began the process of getting a replacement last week. As in past years, I again selected a 3 year OV certificate from DigiCert. Validation was straightforward. After placing my order, I got a request for high-resolution photos of me holding my ID (I sent my passport andContinue reading “Authenticode in 2024”
Attack Techniques: Remote Control Software
In yesterday’s post, I outlined the two most successful (and stupid simple) attack techniques that you might not expect to work (and you’d be so very wrong): Today, let’s explore number 3: “Please give me control of your computer so I can, uh, fix it?“ In this attack, an attacker convinces you that there’s someContinue reading “Attack Techniques: Remote Control Software”
Attack Techniques: Full-Trust Script Downloads
While it’s common to think of cyberattacks as being conducted by teams of elite cybercriminals leveraging the freshest 0-day attacks against victims’ PCs, the reality is far more mundane. Most attacks start as social engineering attacks: abusing a user’s misplaced trust. Most attackers don’t hack in, they log in. The most common cyberattack is phishing:Continue reading “Attack Techniques: Full-Trust Script Downloads”
Spring 2024 Updates
After a slow and painful 2024 Cap10K, I ran the HEB Sunshine Run 10K on May 5th in 1:05:53, just 22 seconds faster, but without pain or surprises. After months without running several hours per week, my fitness has definitely fallen off a cliff. I either need to get back to the treadmill or restartContinue reading “Spring 2024 Updates”
ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox
Recently, many Microsoft employees taking training courses have reported problems accessing documents linked to in those courses in Chrome and Edge. In Edge, the screen looks like this: But the problem isn’t limited to Microsoft’s internal training platform, and can be easily reproduced in Chrome: What’s going on? There are a number of root causesContinue reading “ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox”
Mouse Gestures in Edge
Over twenty years ago, the Opera browser got me hooked on mouse gestures, a way for you to perform common browser actions quickly. After I joined the IE team in 2004, I fell in love with a browser extension written by Ralph Hare and I later blogged about it on the IEBlog and helped RalphContinue reading “Mouse Gestures in Edge”
Going Electric – Solar 1 Year Later
In March of 2023, I had an 8kw solar array installed and I was finally permitted to turn it on starting April 21, 2023. My pessimistic/optimistic assumption that my buying an expensive solar array was going to be the trigger for technological breakthroughs in solar technology that rendered my panels obsolete wasn’t entirely unfounded. SureContinue reading “Going Electric – Solar 1 Year Later”
text/plain 