Tech Pro - Hobby Aviator - VR Enthusiast 🇵🇷🧑🏻‍💻🛩️🥽 https://techviator.com

  • 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: June 3rd, 2023

help-circle


  • I’m in the same boat! I have tried, really tried, the only things I like are the extensions support on mobile browser, and the sync with the Wolvic on the Quest VR, but it feels old and some websites render weirdly on it, plus the lack of support for PWAs really make it tough.

    I like Brave best, with Edge as a second choice, as weird as that sounds. I miss Firefox when it was the modern and most secure browser.


  • cnames do not point to IP address, they point to a resource on another domain, in this case azureresource.azure.-com for example.

    Say you have a temporary webpage called flashsale.example.-com you created a cname pointing that subdomain to an azure resource that shows your desired content. Then you remove the azure resource, but leave the cname in place.

    If a create another azure resouce with whatever public azure url you used before, and I make it look like your current website, say I impersonate your current login.example.-com on that azure resource, now your cname flashsale.example.-com os pointing to it, but you don’t control the azure resource now, I do.

    Now I can try to phish your customers by sending emails with real links, like: Dear customer, your account will be charged $900 for your last purchase, if this purchase was made in error or was not authorized by you, sign in to flashsale.example.-com immediately to cancel it. And now I have your customer’s credentials.

    And that is just one example, there are many more ways to exploit an orphaned cname subdomain, like using it to serve malware, using it to control bots without being blacklisted, etc.