Hacker News with Generative AI: Web Security

DoubleClickjacking: A New type of web hacking technique (paulosyibelo.com)
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click.
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over (rmondello.com)
Independent media venture 404 Media recently published a post titled, “We Don’t Want Your Password”. The piece is a cogent explanation of the problems with password-based accounts online followed by a defense of the website’s login strategy, magic links, in the face of feedback about them being inconvenient and difficult to use.
SHA-256, ECDH, ECDSA and RSA Not Approved by ASD in Australia for 2030 (medium.com)
I am a bit shocked … SHA-256, RSA, ECDSA and ECDH will not be approved for use in Australia by 2030. Basically, these four methods are used for virtually every Web connection that we create, and where ECDH is used for the key exchange, ECDSA or RSA is used to authenticate the remote server, and SHA-256 is used for the integrity of the data sent. The removal of SHA-256 definitely goes against current recommendations.
Manifest V3 fails to prevent data theft and malware exploitation (techradar.com)
Web Locks API (mozilla.org)
The Web Locks API allows scripts running in one tab or worker to asynchronously acquire a lock, hold it while work is performed, then release it. While held, no other script executing in the same origin can acquire the same lock, which allows a web app running in multiple tabs or workers to coordinate work and the use of resources.
Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey (pspaul.de)
Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler.
Show HN: KyberLock – Crystals-Kyber Post-Quantum Cryptography in the Browser (kyberlock.com)
New passkey specifications will let users import and export them (9to5mac.com)
Passkeys were introduced two years ago, and they replace traditional passwords with more secure authentication using a security key or biometrics. To make the technology even better, the FIDO Alliance published on Monday new specifications for passkeys, which ensure a way to let users import and export them.
Coming soon: Securely import and export passkeys (1password.com)
Passkeys are superior to passwords in almost every way. They’re simpler to use because there’s nothing to memorize, type out, or paste in. They’re also always strong and come with multi-factor authentication built right in. In short, passkeys are awesome.
CS 253 Web Security (web.stanford.edu)
This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.
How to Hack the Breakthrough Prize (Ft. Session Confusion) (varun.ch)
In 2023, I discovered a critical vulnerability in the Breakthrough Challenge website. After over one year since it was patched, I am disclosing the bug for the sake of transparency. I believe this class of vulnerability, which I am introducing as 'Session Confusion', is often overlooked.
htmx Web Security Basics (htmx.org)
As htmx has gotten more popular, it’s reached communities who have never written server-generated HTML before.
Securing Your Downloads: An In-Depth Look at Mark of the Web (MOTW) (medium.com)
Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (krebsonsecurity.com)
MDN tool that tells you of security gaps in your website (mozilla.org)
Many website admins have yet to get the memo to remove Polyfill.io links (arstechnica.com)
OWASP Juice Shop: Hacking a Modern Web Application (javascripttoday.com)
How New Headless Chrome and the CDP Signal Are Impacting Bot Detection (datadome.co)
Response Filter Denial of Service: shut down a website by triggering a WAF rule (sicuranext.com)
Plain Text Offenders (plaintextoffenders.com)
Common Google XSS (matan-h.com)