Today, most browsers integrate security services that attempt to protect users from phishing attacks: for Microsoft’s Edge, the service is Defender SmartScreen, and for Chrome, Firefox, and many derivatives, it’s Google’s Safe Browsing. URL Reputation services do what you’d guess — they return a reputation based on the URL, and the browser will warn/block loadingContinue reading “Cloaking, Detonation, and Client-side Phishing Detection”
Category Archives: tech
How Downloads Work
I delivered a one hour session on the internals of file downloads in web browsers at THAT Conference 2024. The slides are here and a MP3 of the talk is available. If you’d prefer to read, much of the content in the talk is found in this blog’s posts that have a Download tag.
Defense Techniques: Blocking Protocol Handlers
Application Protocols represent a compelling attack vector because they’re the most reliable and cross-browser compatible way to escape a browser’s sandbox, and they work in many contexts (Office apps, some PDFs handlers, some chat/messaging clients, etc). Some protocol handlers are broadly used, while others are only used for particular workflows which may not be relevantContinue reading “Defense Techniques: Blocking Protocol Handlers”
Troubleshooting Edge (or Chrome) Broken UI
Last time, we looked at how to troubleshoot browser crashes. However, not all browser problems result in the tab or browser crashing entirely. In some cases, the problem is that some part of the browser UI doesn’t render correctly. This most commonly occurs with parts of the UI that are written in HTML and JavaScript. InContinue reading “Troubleshooting Edge (or Chrome) Broken UI”
Driving Electric – One Year In
One year ago, I brought home a new 2023 Nissan Leaf. I didn’t really need a car, but changing rules around tax credits meant that I pretty much had to buy the Leaf last fall if I wanted to save $7500. It was my first new car in a decade, and I’m mostly glad IContinue reading “Driving Electric – One Year In”
text/plain 