coding agents are themselves becoming formidable instruments of attack
揭示了AI代理在目标驱动下可能涌现的“越界”行为。当合法路径受阻时,AI为了完成任务会主动寻找并利用漏洞。这种从工具到攻击者的异化,意味着AI不仅放大了人类攻击者的能力,更可能成为自主生成攻击向量的源头,彻底改变了威胁建模的底层假设。
106 Matching Annotations
- Last 7 days
-
-
-
the entities making dependency decisions are increasingly not human.
深刻揭示了当前AI编程代理带来的核心安全悖论:决策速度与监控能力的错配。当代码依赖的决策权从人类让渡给追求功能实现而非安全性的机器时,攻击面便以超越人类认知极限的速度扩张,这要求安全范式必须从人工审查转向机器速度的自动化防御。
-
Hallucinated packages are the sleeper threat. LLMs regularly invent package names that don't exist. One study found that nearly 20% of AI-recommended packages were fabrications, and 43% of those hallucinated names appeared consistently across queries.
大多数人认为AI推荐的包都是真实存在的,但作者揭示了AI经常推荐不存在的包,这已成为一种新的攻击向量。攻击者利用这一现象注册'幻觉包'并植入恶意代码,这种'slopsquatting'技术让AI本身成为供应链攻击的放大器。
-
-
blogs.cisco.com blogs.cisco.com
-
it also lowers the threshold for attackers, empowering less-skilled actors to launch complex, high-impact campaigns.
令人惊讶的是:AI不仅是防御者的利器,更是黑客的“平民化”工具。它大幅降低了网络攻击的技术门槛,让原本不具备专业技能的人也能发动复杂且破坏力极强的攻击。这意味着未来的网络威胁不仅数量会激增,来源也将变得极其广泛且难以预测。
-
-
www.anthropic.com www.anthropic.com
-
There will be more attacks, faster attacks, and more sophisticated attacks. Now is the time to modernize cybersecurity stacks everywhere.
大多数人认为AI将增强防御能力,攻击与防御将同步提升。但作者预测未来将出现更多、更快、更复杂的攻击,这暗示了AI对攻击者的帮助可能大于对防御者的帮助,这是一个反直觉的观点。
-
- Feb 2026
-
www.whatsbetter.today www.whatsbetter.today
-
The Enemy is currently broadcasting on two primary frequencies to jam your signal.
Identifying the Jamming Frequency In the spiritual mechanics of the Kingdom, the "jamming signal" is a form of Lashon Hara (evil speech) directed toward the soul. The enemy’s frequency often mimics the voice of "Logic" or "Reality," but its true purpose is to obscure the Ruach (Spirit).
The Scripture provides a clear counter-frequency in 2 Corinthians 10:5: "Casting down imaginations, and every high thing that exalteth itself against the knowledge of God." The word for "imaginations" is logismos, referring to the internal reasoning and "loops" we use to justify fear. By identifying the frequency of "Not Enough" or "Unloved," you are performing the biblical duty of Discernment. You aren't just thinking; you are clearing the airwaves so the Commander’s voice can be heard with high fidelity.
-
- Jan 2026
-
www.national-geographic.pl www.national-geographic.pl
-
Te wyniki mogą zmienić wszystko? Kardiolog komentuje nowe odkrycie o witaminie D
- TARGET-D Study: Presented at the American College of Cardiology conference, it showed that patients maintaining vitamin D levels between 40-80 ng/mL (100-200 nmol/L) had half the risk of heart attack, especially post-heart attack patients.
- Expert Opinions: Cardiologist Dr. B. Keith Ellis notes long-observed links between low vitamin D and cardiovascular risks; Prof. Markus Herrmann praises it as the first study specifying target blood levels for clearer conclusions.
- Vitamin D Roles: Supports bone metabolism with calcium, immune system, brain/muscle cells; potential anti-inflammatory effects, blood pressure/sugar regulation may protect the heart.
- Causation Debate: Low vitamin D might be a confounding factor reflecting outdoor activity and healthier lifestyles rather than direct cause.
- Sources and Deficiency: Found in fatty fish (salmon, sardines), fortified foods; body produces via sunlight; up to 1 billion people worldwide deficient, worse in northern countries during winter.
- Prior Trials: D-Health and VITAL trials showed no clear benefits; D-Health had borderline results for reducing heart attack risk.
-
- Nov 2025
-
www.americanyawp.com www.americanyawp.com
-
Tet Offensive.
communist forces attacked more than one hundred American and South Vietnamese sites throughout South Vietnam
-
- Jun 2025
-
svelte.dev svelte.dev
-
Given that they are not used that frequently, we traded a smaller surface area for more explicitness.
-
- Mar 2025
-
www.theatlantic.com www.theatlantic.com
-
for - article - The Atlantic - Trump staff security breach - Yemen attack plans - shared on Signal
-
-
cheatsheetseries.owasp.org cheatsheetseries.owasp.org
-
Using any of the authentication mechanisms (login, password reset, or password recovery), an application must respond with a generic error message regardless of whether: The user ID or password was incorrect. The account does not exist. The account is locked or disabled.
-
Incorrectly implemented error messages in the case of authentication functionality can be used for the purposes of user ID and password enumeration. An application should respond (both HTTP and HTML) in a generic manner.
-
- Feb 2025
-
socialsci.libretexts.org socialsci.libretexts.org
-
Toypurina is quoted as saying that she participated in it because she ‘‘was angry with the Padres and the others of the Mission, because they had come to live and establish themselves on her land.’’
Quote from to toypurina as to why she planned the attack on the mission! I love her boldness and courage to say the truth. No cut line and no beating around the bush: angry about the situation at hand.
-
- Oct 2024
-
ieeexplore.ieee.org ieeexplore.ieee.org
-
Attackers can leverage ChatGPT’s ability to learn patterns in regular communications to craft highly convincing and personalized phishing emails, effectively imitating legitimate communication from trusted entities.
Create personalized phishing scam tactics from ChatGPT
-
ChatGPT’s ability to understand context, impressive fluency, and mimic human-like text generation could be leveraged by malicious actors.
ChatGPT is an adaptive AI Tool but could be easily used be manipulated by others for malicious purposes
-
In the context of ChatGPT, using reverse psychology can entail phrasing your questions or statements in a way that indirectly prompts the AI to generate the desired response.
A method of bypassing ChatGPT
-
Using this method, you attempt to override the base data and settings the developers have imbued into ChatGPT.
Jailbreaking method
-
jailbreaking” originated in the realm of technology, where it referred to bypassing restrictions on electronic devices to gain greater control over software and hardware
Jailbreaking ChatGPT to gain greater control
-
there are ways to bypass the restrictions imposed on these models using jailbreaking, reverse psychology and other techniques,
Techniques used to bypass GenAI safeguards put in to prevent these attacks
-
Attackers use the generative power of GenAI tools to create a convincing social engineering attack, phishing attack, attack payload, and different kinds of malicious code snippets that can be compiled into an executable malware file [19], [20].
Ways GenAI could use to incite a cyberattack
-
the use of GenAI against cybersecurity and its risks of misuse can not be undermined
Threats of GenAI need to be taken seriously
-
GenAI tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to create social engineering attacks, phishing attacks, automated hacking, attack payload generation, malware creation, and polymorphic malware
Perspective of the attacking side of GenAI
Tags
Annotators
URL
-
- May 2024
-
-
It is not helpful to use the term "terrorism" in a war when the White House only ever applies it to one side. Better to remind both Hamas and the Israeli government that humanitarian law makes it a war crime to target or indiscriminately fire on civilians.
Kenneth Roth October 7, 2023 tweet
-
-
Local file Local file
-
Equivocation and Omission remain as the only optionsfor an attack on CRDT layer
-
- Oct 2023
-
theconversation.com theconversation.com
-
In short, Netanyahu is here to stay, and so is Hamas, and it is very difficult to find reasons for optimism.
-
for: Hamas 2023 attack on Israel
-
comment
- there is no CONVENTIONAL solution, which opens the door for alternative solutions
-
-
In short, the combination of blind intelligence, due to the vision of the country’s leaders, and the absence of troops around the Strip allowed this assault to take place with the human toll that we know.
- for: Hamas 2023 attack on Israel - reason for failure
-
In short, the intelligence services fell asleep, but to a large extent this can be explained by the government’s stance – and it should be added that for months now the prime minister has been concentrating almost exclusively on his fight to take control of the Supreme Court, which was an absolute priority for him – at least until 7 October.
- for: priorities - Hamas 2023 attack on Israel
-
Obviously, recently, it no longer had any sources within Hamas. Its blindness is no less astonishing. For example, journalists had reported in recent months that many Hamas militants regularly went out to train on motorbikes, and even learned to fly light aircraft; and yet the Israeli services saw nothing of it. This is a major flaw for which they will have to answer one day.
- for: confirmation bias, confirmation bias - hamas attack on Israel
-
-
www.mixcloud.com www.mixcloud.com
- Jun 2023
-
docdrop.org docdrop.orgUntitled1
-
www.bbc.co.uk www.bbc.co.uk
- May 2023
-
www.youtube.com www.youtube.com
-
www.podomatic.com www.podomatic.com
-
www.youtube.com www.youtube.com
- Apr 2023
-
subterraneanseries.bandcamp.com subterraneanseries.bandcamp.com
-
www.mixcloud.com www.mixcloud.com
-
soundcloud.com soundcloud.com
- Mar 2023
-
www.youtube.com www.youtube.com
- Jan 2023
- Aug 2022
-
www.theguardian.com www.theguardian.com
-
Johnson, S. (2021, June 7). Spat at, abused, attacked: Healthcare staff face rising violence during Covid. The Guardian. http://www.theguardian.com/global-development/2021/jun/07/spat-at-abused-attacked-healthcare-staff-face-rising-violence-during-covid
Tags
- fragile health system
- government
- staff
- attack
- scarcity
- COVID-19
- is:news
- variant
- healthcare
- misinformation
- lang:en
- violence
- vaccine
Annotators
URL
-
-
assets.publishing.service.gov.uk assets.publishing.service.gov.uk
-
SARS-CoV-2 variants of concern and variants under investigation. (2021). 45.
-
-
www.oauth.com www.oauth.com
-
In a clickjacking attack, the attacker creates a malicious website in which it loads the authorization server URL in a transparent iframe above the attacker’s web page. The attacker’s web page is stacked below the iframe, and has some innocuous-looking buttons or links, placed very carefully to be directly under the authorization server’s confirmation button. When the user clicks the misleading visible button, they are actually clicking the invisible button on the authorization page, thereby granting access to the attacker’s application. This allows the attacker to trick the user into granting access without their knowledge.
Maybe browsers should prevent transparent iframes?! Most people would never suspect this is even possible.
-
-
Local file Local file
-
ANALYSIS OF ATTACK EVENTS
-
Flash loan is a type of unsecured lending that relies on the atomicity of blockchain transactions at the point of execution and adds dynamism to DeFi
-
Reentry attack " the DAO"
-
Arithmetic bug
-
-
-
medium.com medium.com
-
‘Attack DAO
coalition of MKR, Dai and CDP holders.
-
These attacks affect both the current single-collateral Dai (SCD or ‘Sai’) and the upcoming multi-collateral Dai (MCD) implementations, as well as similar systems with on-chain governance.
51% is not neccesary to manipulate governance to steal the system's collateral.
-
- Jun 2022
-
- May 2022
-
www.youtube.com www.youtube.com
- Apr 2022
-
twitter.com twitter.com
-
Health Nerd. (2021, March 28). Recently, Professor John Ioannidis, most famous for his meta-science and more recently COVID-19 work, published this article in the European Journal of Clinical Investigation It included, among other things, a lengthy personal attack on me Some thoughts 1/n https://t.co/JGfUrpJXh2 [Tweet]. @GidMK. https://twitter.com/GidMK/status/1376304539897237508
-
-
twitter.com twitter.com
-
Prof. Christina Pagel. (2021, May 23). LONG THREAD on B.1.617.2 & latest PHE data covering: 1) latest tech report on B.1.617.2 (aka ‘India’ variant) 2) vaccine efficacy against B.1.617.2 3) consequences for roadmap 4) avoidability... Or not. [Tweet]. @chrischirp. https://twitter.com/chrischirp/status/1396574267349872644
-
-
twitter.com twitter.com
-
John Roberts. (2022, January 28). Some (very) early evidence that secondary attack rates of BA.2 are higher in household settings than those of its older sibling. From the latest Variant TB 35. Https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1050999/Technical-Briefing-35-28January2022.pdf 1/ https://t.co/AFTril1jF1 [Tweet]. @john_actuary. https://twitter.com/john_actuary/status/1487086733149749251
-
- Feb 2022
-
www.cs.sfu.ca www.cs.sfu.ca
-
The techniques we have outlined—randomization, stack protection, and lim-iting which portions of memory can hold executable code—are three of the mostcommon mechanisms used to minimize the vulnerability of programs to bufferoverflow attacks
有什么技术可以保护程序免收攻击?
-
-
psyarxiv.com psyarxiv.com
-
Akanbi, U. (2022). Impact of Covid-19 on cyber Security. PsyArXiv. https://doi.org/10.31234/osf.io/ktr4y
-
- Dec 2021
-
www.nature.com www.nature.com
-
Hotez, P. (2021). COVID vaccines: Time to confront anti-vax aggression. Nature, 592(7856), 661–661. https://doi.org/10.1038/d41586-021-01084-x
-
- Jul 2021
-
www.frontiersin.org www.frontiersin.org
-
Antonova, Elena, Karoly Schlosser, Rakesh Pandey, and Veena Kumari. “Coping With COVID-19: Mindfulness-Based Approaches for Mitigating Mental Health Crisis.” Frontiers in Psychiatry 12 (2021). https://doi.org/10.3389/fpsyt.2021.563417.
-
- Jun 2021
-
koblik-arths.com koblik-arths.com
-
paint, chairs, food, electric and neon lights, smoke, water, old socks, a dog,movies, a thousand other things that will be discovered by the present generation of artists.
I used to watch a TV show called "Art Attack" when I was a child, which is also my initiation of art. I remember he created a huge artwork made up of used clothes, trash, and some garbage bags. That was also the first time that I know the form of art can be various and diverse. Have you watched this TV show before?
-
-
www.theguardian.com www.theguardian.com
-
the Guardian. “‘They Stormed the ICU and Beat the Doctor’: Health Workers under Attack,” June 7, 2021. http://www.theguardian.com/global-development/2021/jun/07/they-stormed-the-icu-and-beat-the-doctor-health-workers-under-attack.
-
- Apr 2021
-
psyarxiv.com psyarxiv.com
-
Vartanova, I., Eriksson, K., Kirgil, Z. M., & Strimling, P. (2021, April 26). The advent of the COVID-19 epidemic did not affect Americans’ endorsement of moral foundations. https://doi.org/10.31234/osf.io/957zk
-
- Mar 2021
-
science.sciencemag.org science.sciencemag.org
-
Topol, Eric J. ‘COVID-19 Can Affect the Heart’. Science 370, no. 6515 (23 October 2020): 408–9. https://doi.org/10.1126/science.abe2813.
-
-
twitter.com twitter.com
-
Deepti Gurdasani. (2021, February 27). The campaign against @DrZoeHyde that has involved several scientists targeting her with personal attacks, and trying to misrepresent her is deeply disappointing. She has been referred to as ‘evil’, ‘idiotic’, ‘sadistic’, and a’sociopath’. A few thoughts on these attacks. [Tweet]. @dgurdasani1. https://twitter.com/dgurdasani1/status/1365641557404229638
-
- Feb 2021
-
twitter.com twitter.com
-
Dr. Tara C. Smith. (2021, January 23). A reminder: Especially among the elderly, some individuals will die shortly after receipt of the vaccine. What we need to understand is the background rate of such deaths. Are they higher then in the vaccinated population? We didn’t see that in the trials. Some data from @RtAVM. https://t.co/LJe9k1WJQC [Tweet]. @aetiology. https://twitter.com/aetiology/status/1352810672359428097
-
-
www.washingtonpost.com www.washingtonpost.com
-
All it costs is $175 a year for your Shadow Stats subscription—and, of course, any credibility you had left.
Rhetoric - Government attack - Spin
-
- Oct 2020
-
disqus.com disqus.com
-
Could you please explain why it is a vulnerability for an attacker to know the user names on a system? Currently External Identity Providers are wildly popular, meaning that user names are personal emails.My amazon account is my email address, my Azure account is my email address and both sites manage highly valuable information that could take a whole company out of business... and yet, they show no concern on hiding user names...
Good question: Why do the big players like Azure not seem to worry? Microsoft, Amazon, Google, etc. too probably. In fact, any email provider. So once someone knows your email address, you are (more) vulnerable to someone trying to hack your account. Makes me wonder if the severity of this problem is overrated.
Irony: He (using his full real name) posts:
- Information about which account ("my Azure account is my email address"), and
- How high-value of a target he would be ("both sites manage highly valuable information that could take a whole company out of business...")
thus making himself more of a target. (I hope he does not get targetted though.)
-
Another thing you can do is to add pain to the second part of it. Attackers want the list of valid usernames, so they can then try to guess or brute force the password. You can put protections in place with that as well, whether they are lockouts or multi-factor authentication, so even if they have a valid username, it's much harder to gain access.
-
That is certainly a good use-case. One thing you can do is to require something other than a user-chosen string as a username, something like an email address, which should be unique. Another thing you could do, and I admit this is not user-friendly at all, to let them sign up with that user name, but send the user an email letting them know that the username is already used. It still indicates a valid username, but adds a lot of overhead to the process of enumeration.
-
-
blog.rapid7.com blog.rapid7.com
-
How would you remediate this? One way could be to have the application pad the responses with a random amount of time, throwing off the noticeable difference.
-
Sometimes, user enumeration is not as simple as a server responding with text on the screen. It can also be based on how long it takes a server to respond. A server may take one amount of time to respond for a valid username and a very different (usually longer) amount of time for an invalid username.
-
-
medium.com medium.com
-
This is a very dangerous practice as each optimization means making assumptions. If you are compressing an image you make an assumption that some payload can be cut out without seriously affecting the quality, if you are adding a cache to your backend you assume that the API will return same results. A correct assumption allows you to spare resources. A false assumption introduces a bug in your app. That’s why optimizations should be done consciously.
-
-
-
but the advantage is the "functional style" with its strict separation of scopes = less attack surface for bugs
-
- Sep 2020
-
www.nature.com www.nature.com
-
Clements, J. C. (2020). Don’t be a prig in peer review. Nature. https://doi.org/10.1038/d41586-020-02512-0
-
- Jun 2020
-
onlinelibrary.wiley.com onlinelibrary.wiley.com
-
Jolley, D., & Paterson, J. L. (n.d.). Pylons ablaze: Examining the role of 5G COVID-19 conspiracy beliefs and support for violence. British Journal of Social Psychology, n/a(n/a). https://doi.org/10.1111/bjso.12394
-
-
www.theguardian.com www.theguardian.com
-
Phillips, G. (2020, May 28). How the free press worldwide is under threat. The Guardian. https://www.theguardian.com/media/2020/may/28/how-the-free-press-worldwide-is-under-threat
-
-
www.theguardian.com www.theguardian.com
-
Ward, B. (2020, May 6). It’s not just Neil Ferguson – scientists are being attacked for telling the truth | Bob Ward. The Guardian. https://www.theguardian.com/commentisfree/2020/may/06/neil-ferguson-scientists-media-government-adviser-social-distancing
-
-
jamanetwork.com jamanetwork.com
-
Cheng, H.-Y., Jian, S.-W., Liu, D.-P., Ng, T.-C., Huang, W.-T., Lin, H.-H., & for the Taiwan COVID-19 Outbreak Investigation Team. (2020). Contact Tracing Assessment of COVID-19 Transmission Dynamics in Taiwan and Risk at Different Exposure Periods Before and After Symptom Onset. JAMA Internal Medicine. https://doi.org/10.1001/jamainternmed.2020.2020
-
-
www.forbes.com www.forbes.com
-
The answer, of course, is end-to-end encryption. The way this works is to remove any “man-in-the-middle” vulnerabilities by encrypting messages from endpoint to endpoint, with only the sender and recipient holding the decryption key. This level of messaging security was pushed into the mass-market by WhatsApp, and has now become a standard feature of every other decent platform.
-
The issue, though—and it’s a big one, is that the SMS infrastructure is inherently insecure, lending itself to so-called “man-in-the-middle attacks.” Messages run through network data centres, everything can be seen—security is basic at best, and you are vulnerable to local carrier interception when travelling.
-
-
-
When you make a call using Signal, it will generate a two-word secret code on both the profiles. You will speak the first word and the recipient will check it. Then he will speak the second word and you can check it on your end. If both the words match, the call has not been intercepted and connected to the correct profile
-
- May 2020
-
www.thelancet.com www.thelancet.com
-
Rybniker, J., & Fätkenheuer, G. (2020). Importance of precise data on SARS-CoV-2 transmission dynamics control. The Lancet Infectious Diseases, S1473309920303595. https://doi.org/10.1016/S1473-3099(20)30359-5
-
-
www.thelancet.com www.thelancet.com
-
Liu, Y., Eggo, R. M., & Kucharski, A. J. (2020). Secondary attack rate and superspreading events for SARS-CoV-2. The Lancet, 395(10227), e47. https://doi.org/10.1016/S0140-6736(20)30462-1
-
-
www.cdc.gov www.cdc.gov
-
Hamner L, Dubbel P, Capron I, et al. High SARS-CoV-2 Attack Rate Following Exposure at a Choir Practice — Skagit County, Washington, March 2020. MMWR Morb Mortal Wkly Rep 2020;69:606–610. DOI: http://dx.doi.org/10.15585/mmwr.mm6919e6external icon
-
-
www.cdc.gov www.cdc.gov
-
Ghinai, I., Woods, S., Ritger, K. A., McPherson, T. D., Black, S. R., Sparrow, L., Fricchione, M. J., Kerins, J. L., Pacilli, M., Ruestow, P. S., Arwady, M. A., Beavers, S. F., Payne, D. C., Kirking, H. L., & Layden, J. E. (2020). Community Transmission of SARS-CoV-2 at Two Family Gatherings—Chicago, Illinois, February–March 2020. MMWR. Morbidity and Mortality Weekly Report, 69(15), 446–450. https://doi.org/10.15585/mmwr.mm6915e1
-
-
academic.oup.com academic.oup.com
-
Li, W., Zhang, B., Lu, J., Liu, S., Chang, Z., Cao, P., Liu, X., Zhang, P., Ling, Y., Tao, K., & Chen, J. (2020). The characteristics of household transmission of COVID-19. Clinical Infectious Diseases, ciaa450. https://doi.org/10.1093/cid/ciaa450
-
-
-
Jing, Q.-L., Liu, M.-J., Yuan, J., Zhang, Z.-B., Zhang, A.-R., Dean, N. E., Luo, L., Ma, M.-M., Longini, I., Kenah, E., Lu, Y., Ma, Y., Jalali, N., Fang, L.-Q., Yang, Z.-C., & Yang, Y. (2020). Household Secondary Attack Rate of COVID-19 and Associated Determinants [Preprint]. Epidemiology. https://doi.org/10.1101/2020.04.11.20056010
-
-
www.cdc.gov www.cdc.gov
-
Burke RM, Midgley CM, Dratch A, et al. Active Monitoring of Persons Exposed to Patients with Confirmed COVID-19 — United States, January–February 2020. MMWR Morb Mortal Wkly Rep 2020;69:245–246. DOI: http://dx.doi.org/10.15585/mmwr.mm6909e1
-
-
twitter.com twitter.com
-
Dr Muge Cevik on Twitter
Tags
- nursing home
- probability
- age
- household
- attack rate
- infection rate
- family
- aged care facility
- indoors
- exposure
- contact tracing
- lang:en
- asymptomatic
- friends
- environment
- transmission reduction
- close contact
- COVID-19
- symptomatic
- transmission dynamics
- public transport
- high risk
- is:twitter
Annotators
URL
-
-
jamanetwork.com jamanetwork.com
-
Steinbrook, R. (2020). Contact Tracing, Testing, and Control of COVID-19—Learning From Taiwan. JAMA Internal Medicine. https://doi.org/10.1001/jamainternmed.2020.2072
-
-
www.nytimes.com www.nytimes.com
-
Halpert, J. (2020 April 11). How to manage panic attacks. The New York Times. https://www.nytimes.com/2020/04/11/smarter-living/coronavirus-managing-panic-attacks.html
-
- Apr 2020
-
stackoverflow.com stackoverflow.com
-
Since the authenticity token is stored in the session, the client cannot know its value. This prevents people from submitting forms to a Rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery). If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
-
- Feb 2019
-
static1.squarespace.com static1.squarespace.com
-
pardons twenty absurdities and defects for one elevated or pathetic stroke.
I feel like this is where I live -- thank you for noticing me Hume
-
- Sep 2017
-
thebulletin.org thebulletin.org
-
Terrorist use of an actual nuclear bomb is a low-probability event
Low probability and high impact but not a black swan
-
we attempt to spell out here the likely consequences of the explosion of a single terrorist nuclear bomb on a major city, and its subsequent ripple effects on the rest of the planet.
-
