BC FOR LATER READ
Saved by @CodyyyGardner

#Learn365 Day-6: Cross-Site Leaks

Goldmine to Learn: https://t.co/TsqGRWxPq7

Cross-Site Leaks/XS-Leaks is a less explored security issue that usually comes from Side-Channel Attacks. I found this an interesting vector but unusual.

(1/n)

#BugBountyTips #infosec #AppSec

 (2/n)
This basically utilizes the web's core principle of composability in order to determine & extract useful information.

XS-Leaks take advantage of small pieces of information that are exposed during interactions between websites.
(3/n)
Cross-Site Oracle.

This can be considered as a querying mechanism. The information used for this attack is of binary form and called Oracles. It usually has an answer of "Yes" or "No". You can say True or False.
(4/n)
For Example: Does User Harsh Exists in the Application. Yes, means that the user is there in the application.
- An attacker requires to smartly form queries in order to successfully execute this attack and gain hold of sensitive information.
(5/n)
Some of the Attacks using Cross-Site leaks are:

1. XS-Search: An attacker try to abuse the query mechanism such as search functionality to leak and get hold of the user's information.

Remediation
- Same Site Lax Cookies
(6/n)
Usual Exploitation Workflow:

1. Define a timeline when there is a Hit vs Miss
2. Start attacking the Querying Endpoint.
3. For Example: ?search=h (Throws a Hit)
search for the next word appended to `h` i.e. ?search=ha otherwise change the word i.e. ?search=b
(7/n)
2. Error Events

Based on the Error Message returned by the application, it may be possible to enumerate sensitive information. This is similar to user enumeration techniques.

Reference: https://t.co/2iIVT0xei2
(8/n)
3. Frame Counting
The window.length provides the number of frames in the window. This attribute can provide valuable information about a page to an attacker.

References: https://t.co/XjOZL3yiZF
(9/n)
3. Navigation Attacks
Reference: https://t.co/lS3LT80Foa

4. Cache Probing
- Workes based on detecting whether the web page was cached or not.
Ref: https://t.co/ejAdOHaIFG

5. ID Attribute
Ref: https://t.co/11lwLzE2DD
(10/n)

6. Post Message Broadcasts
a. Sharing Sensitive message with untrusted origins
b. Leaking information based on varying content or on the presence of a broadcast

7. Abusing Browser Features
- CORB (Cross-Origin Read Blocking)
- CORP (Cross-Origin Resource Policy)
(n/n)

8. Timing Attacks
- Clock Based
- Network Timing
- Execution Timing
- Hybrid Timing
- Connection Pool

# Referneces
1. https://t.co/byryqh3bql
2. https://t.co/khunvHYDga
3. https://t.co/ssQ39okO55

I'll revisit this attack in near future & will try to find.

More from For later read

Rogier v Vlissingen
Rogier v Vlissingen
@vliscony
@jeffreyatucker In the end, it is all a natural consequence of a very human foible, namely that we all do everything we can to blame anybody or anything else for our problems, if we can get away with it. It's the reason why rulers start wars to squelch domestic dissent - macro and micro the same

The very notion of the germ theory of disease revolves around this and while it is good for selling medical interventions, treatments and pharmaceuticals, it is no good for either personal health, or public health in any way. We need to start looking at health on a holistic level

More of a systems approach to health would get us to see that the whole instinct to stamp out viruses, like the very counter-factual notion of "zero Covid," and other nonsense, are driven by this need to blame somebody or something else for our problems, so we can have our cake

and eat it too, i.e. we can pass the blame to others and go and kill them, be they bugs or other people (lockdowns???). The results are disastrous for health on both a personal and a public level, and we continue on a path of assured self-destruction. But times are changing, now.

Lifestyle Medicine @aclifemed provides the new paradigm, more of a systems approach to health, in which personal responsibility for our habits comes first, starting with nutrition. Immune systems become depressed by fatigue, stress, inner conflict, malnutrition and so on. Change
FOR LATER READ
Abir Ballan \U0001f60a
Abir Ballan 😊
@abirballan
Humans inherently like the act of solidarity. We are social beings. We like to huddle up and be together.
They used this against us.
They convinced us that it was an act of solidarity to flatten the curve, to wear a mask for others, to take the vaccines for others,


and to reach #covidzero for others. They convinced us that this was for the greater good of society.
In reality, this couldn't be further away from the truth. They have divided us and broken the core structure of our society. They have dehumanized us with their masks.

They set us against each other into clans on opposite sides of a spectrum. They have turned us into aggressive beings fighting for our survival. Some of us fear harm from the virus, others fear harm from the vaccine, and yet others fear harm from the attack on our civilization.

We are all on a flight or fight mode. We are all operating under the influence of fear. We must collect ourselves and reflect on what has happened over the last year.
How is this for the greater good of society?

They used a tactical warfare strategy against us.
'Divide and conquer'.
We fell for it.
Now we must become aware of it and fight back.
We must reunite. We must find true solidarity to save our world. To free ourselves. To regain our autonomy.
FOR LATER READ
Advertisement
Eli Tyre
Eli Tyre
@EpistemicHope
There's a particular kind of romantic partnership, with a certain sort of person, that I've wanted since I became a self-aware, directed agent at around age 15.

Empirically, this kind of relationship has been hard to achieve. It hasn't worked out yet, at least.

And this sometimes leaves me wondering if my standards are unreasonable.

In years past that desire was often very alive.

These days, I'm rarely directly or viscerally in contact with it.

I sometimes contemplate aiming for some other kind of romantic and/or sexual relationship instead. In part because I might be more effective if I...I don't know, got laid more? But that's not really the thing. More like, if I had someone around whom I could regularly relax.

But mostly, I don't pursue those alternative relationship-setups out of a sense of something like loyalty to myself + a vague sense of wrongness and/or sadness about it. It often feels like giving up or giving in.

[I might elaborate on the wrongness sometime.]
FOR LATER READ
Lyman Stone \u77f3\u4f86\u6c11
Lyman Stone 石來民...
@lymanstoneky
the strange reality of strict calvinism is that it makes a mockery of God's claims to hate, abhort, or even be theoretically opposed to evil

the calvinist solution to the problem of evil, which I have *literally heard from the lips of a faithful well-catechized Presbyterian* is, "well, all that happens is God's will, and to do His will is to manifest goodness, and goodness gives God joy, so God must rejoice in evil"

The hypothetical I gave was, "Suppose that there was a city of Christians, and a bomber flew over the city, and the guy at the controls tripped and accidentally armed and dropped a bomb, and wiped out the city: is that God's will? What does God think of that?"

His answer in addition to the above cited the Flood, Soddom, and Nineveh.

Because we all know that God's response to the Flood was, "I REALLY liked that, it was AWESOME, it satisfied my will and purposes to obliterate my creation!"

Once you have drunk the "but muh sovrintee" Kool-Aid you cannot escape the argument that literally everything that happens is not just God's will in some philosophical sense, but His will in the sense of "things that bring him pleasure."
FOR LATER READ
Mueller, She Wrote
Mueller, She Wrote
@MuellerSheWrote
THREAD: My thoughts on the decision not to call witnesses. Please correct me if I'm wrong. This take is based on what I think I know, and there's much I don't know, but I do not understand why the dems didn't depose Rep. Beutler. Let's talk about the objections: 1/

First, many are saying it would drag this thing out and prevent Biden's agenda from moving forward. I don't see how that's possible. The senate had the votes to depose Rep. Beutler. We saw that with the 55-45 vote to allow witnesses. GOP can't filibuster that 2/

It would have taken probably a week to depose her and introduce her testimony into the senate record. The senate is scheduled to be in recess this week. The only thing a deposition of Beutler would have done is stopped the senate's vacation. 3/

Since everything would have been done in roughly a week, and the senate was scheduled for a week-long vacation, the deposition of Beutler wouldn't have delayed any of Biden's agenda. 4/

Next, many are saying Mitch threatened to filibuster Biden's agenda. That's also an empty threat. Cabinet confirmations require only a simple majority vote, and the Covid relief package is going through the budget reconciliation process so it's not subject to filibuster 5/
FOR LATER READ

You May Also Like

Bartosz Ziembinski
Bartosz Ziembinski
@zmbnski
Still wondering about this 🤔


save as q
Q
Anu Satheesh
Anu Satheesh
@AnuSatheesh5
Puthucode Annapoorneshwari Temple,
Palakkad, Kerala 🚩
#keralatemples
अन्नपूर्णे सदापूर्णे शङ्करप्राणवल्लभे 
ज्ञानवैराग्यसिद्ध्यर्थं भिक्षां देहि च पार्वति 

Temple is also called Puthukode Bhaghavathy Kshetram
Parasurama did Prathishta of Devi here. Temple is one amoung 👇


108 Durga temples
Navarathri festival is celebrated in a grant manner here. Annadanam is done daily on these days. The Idichu pizhinja payasam/ Chathachatayam is the main nivedyam in Annapoorneswari temple during Navarathri.
In the mornings, Devi Mahatmyam and Sundarakandam are


recited here daily.
Sri Godavarma Raja gifted lots of rice fields for the maintenance of the temple.
Annapoorneshwari holds Shanku and Chakra in her hands. Puthucode Annapoorneswari Temple is managed by the Naduvil Madom Devaswom.
🙏🕉🙏
ALL
Advertisement
Damodar Hegde
Damodar Hegde
@DamodarHegde4
MUST READ TILL END:
FB POST BY MR PRABEER BASU,
IAS-1976(BIHAR)
" Received a hurtful post from an old friend and colleague. He was on my daily Broadcast list of WhatsApp. He requested that I do not send him any of my posts on 'political' issues. I gave him a long explaination
>2

2/29
on why I write and what I write. But he was not convinced.

Being alerted by him thus, I felt I should clarify to all who read my posts on what exactly I think and do.

The charge against me is that I wrongly support our current Prime Minister, Shri Narendra Modi..
>3

3/29
and that it establishes I am not rational and impartial anymore.
Let me try and explain.First and foremost,I do not write on 'political' issues. I write on 'national' issues. For example, I have no opinion on whether Rahul Gandhi should be President of his party or not.
>4

4/29

Similarly, I have no views whether BJP is a better party than Congress or vice versa.
Even after 36 years in the IAS I have no MLA, MP or anyone involved in politics whom I can classify as my friend or even acquaintance.
>5

5/29
So, naturally I don't care which party wins or loses as long as the winning party runs an honest government doing good to my nation.
Now, why I speak in favour of Shri Modi:

1. Ever since the beginning of my service I realised that Planning Commission was not serving..

>6
INDIA
Tom Hirst
Tom Hirst
@tom_hirst
How to create a freelancing website that makes money.

Everything I've learned.

A thread.

As a freelancer,

Your website is everything.

First, prioritise its existence.

Second, prioritise its improvement.

The technology you use is irrelevant.

- WordPress
- Notion
- Carrd
- Wix

It doesn't matter which you choose,

What matters is you have a website.

Pick a platform that you're comfortable with.

If you can:

- Capture leads
- Add content easily
- Have a clear design

You're good.

If your website doesn't get leads,

It's not working.

Don't rest on a website that doesn't work for you.

Improve it until it does.
STARTUPS
Anshul Pandey
Anshul Pandey
@Anshulspiritual
BRAHMA VAIVARTA PURAN: IMPORTANCE AND CHARACTERISTICS.

This Puran introduces us to way of Vedas. On the request of Narad Muni Bhagwan Saavarni had preached this Puran. It is a summary of Dharma, Arth, Moksha etc.


Listening to this Puran one gets automatically attached to Vishnu and Shiva and realize that there is no difference between them. Vyasji divided this book into four parts. It has eighteen thousand shlokas. This whole book is in the form of dialogue between Suutji and Maharishi's.

The first part Brahmkhand, consists of Shrishti description. Here Shri is known as Para Brahma and description of Gokul is also mentioned, It also narrates the argument between Brahma and Narad in which both were defeated, and then Narad went to Shiva to attain more gyan.

Shivji advised him to go to Bhagwan Saavarni for this. Narad goes to Saavarni ashram to seek Knowledge and is totally amazed by the sorroundings.

Next is Prakriti khand which consists of dialogue between Narad and Saavarni where they discuss the

Importance of Shri Krishna through various stories. Then there is the discussion of Prakriti and its various hues. Listening to this gets you wealth.
Next is Ganesh Khand which describes the Punyak vrat done by Parvati ji. After this it narrates the birth of Kartikeya and Ganesh.
RELIGION