Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
Hoping early Monday isn't too late for a small-scale question, so here goes:
In the wake of a friend falling victim to a phishing scam in which they were convinced to send a screenshot of a link to a password reset page (indeed, head-slappingly bad), I'm currently being dragged in real life for my hot take, two-part opinion that
This scam was facilitated by the common advice that you should NEVER follow links because they could be from a hacker and then you will get hacked! and
This advice isn't actually very good, in the sense that nothing bad can really happen to you just from following some random link.
As a web developer I know something about how the web works, but obviously I don't know everything, so I'm curious if someone else can come up with a really bad outcome achievable just by clicking on a link. Could you, say, send an API request to a bank from within your webpage, and then read the response and cookies from the host page? I'm thinking this would be blocked by both browser and site technology. This has to be what CORS is for, right? Not just to annoy me while I'm developing?
Anyway, like I said, suggestions welcome.
If your browser has an unpatched, exploitable vulnerability, the sky's the limit. It shouldn't be possible for a web site to run malicious code on a simple page load, but browsers don't always work the way they should.
More options
Context Copy link
More options
Context Copy link