Bitcoin Forum
Topic: Lax Security on a lot of Crypto Sites - be careful everyone - a nice simple check.
logosobscura (OP)
Posted January 04, 2018, 11:49:41 AM (last edit: January 10, 2018, 11:56:43 AM by logosobscura)

Posting this here because it's really starting to bug me.

I got asked by a friend why he keeps seeing Google Ads that are clones of known exchanges. He sent me a few URLs, and each and every single one was operating not as a clone, but as an XSS attack, because the exchanges didn't have the basic security headers set. Some examples of bad offenders:

Binance Header Report - No CSP policy, no XSS blocks, no referrer policy

MyEtherWallet Header Report - Literally embarrassing, doesn't have anything set at all, despite being told in their GitHub repo how to fix it and being given a pull request.

Everyone, be careful, and scan the sites you use before you get ripped off by someone doing a drive-by.
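The "simple check" the post recommends can be done from a script rather than a web report. The following header audit is an added example, not code from the post or from any of the sites it names; the sample responses are constructed, and the function names (`audit_headers`, `fetch_headers`, `parse_csp`) are my own. It scores the headers the post mentions (Content-Security-Policy, Referrer-Policy) together with HSTS, X-Content-Type-Options and framing protection. The legacy "XSS block" header (X-XSS-Protection) is deliberately not scored: current browsers ignore it (Chrome removed its XSS Auditor in version 78), so a CSP that forbids inline scripts is the control that actually matters, which is why the CSP check looks inside `script-src` rather than just testing for presence.

```python
"""Audit an HTTP response's security headers (added example, not from the post).

The three sample header sets at the bottom are constructed for illustration;
they are not captures from any real site.
"""
from __future__ import annotations
from urllib.request import Request, urlopen  # used only by fetch_headers()

HSTS_MIN_AGE = 15552000  # 180 days; hstspreload.org requires a full year


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [sources]}; names/keywords lower-cased."""
    policy: dict[str, list[str]] = {}
    for chunk in value.split(";"):
        parts = chunk.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def check_csp(value: str | None) -> str | None:
    if value is None:
        return "missing (no Content-Security-Policy at all)"
    policy = parse_csp(value)
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        return "no script-src or default-src directive, so scripts are unrestricted"
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in scripts
    )
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present, so only
    # flag it when it is actually in effect.
    if "'unsafe-inline'" in scripts and not has_nonce_or_hash:
        return "script-src allows 'unsafe-inline' with no nonce/hash, which defeats XSS protection"
    if "*" in scripts:
        return "script-src allows * (scripts from any origin)"
    return None


def check_hsts(value: str | None) -> str | None:
    if value is None:
        return "missing (no Strict-Transport-Security)"
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age":
            if not arg.isdigit():
                return "max-age is not an integer"
            if int(arg) < HSTS_MIN_AGE:
                return f"max-age={arg} is under 180 days"
            return None
    return "no max-age directive"


def check_nosniff(value: str | None) -> str | None:
    if value is None:
        return "missing (browsers may sniff content types)"
    return None if value.strip().lower() == "nosniff" else f"unexpected value {value!r}"


def check_referrer(value: str | None) -> str | None:
    if value is None:
        return "missing (browser default applies)"
    # A header may list several policies; the last one the browser recognises wins.
    last = [p.strip().lower() for p in value.split(",")][-1]
    if last in {"unsafe-url", "no-referrer-when-downgrade"}:
        return f"{last} leaks full URLs to third-party origins"
    return None


CHECKS = {
    "Content-Security-Policy": check_csp,
    "Strict-Transport-Security": check_hsts,
    "X-Content-Type-Options": check_nosniff,
    "Referrer-Policy": check_referrer,
}


def audit_headers(headers: dict[str, str]) -> dict[str, str]:
    """Return {header: finding} for every missing or weak header (empty dict = clean)."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = {name: f for name, check in CHECKS.items() if (f := check(lower.get(name.lower())))}
    # Clickjacking: either X-Frame-Options or a CSP frame-ancestors directive is enough.
    csp = parse_csp(lower.get("content-security-policy", ""))
    if "frame-ancestors" not in csp and "x-frame-options" not in lower:
        findings["X-Frame-Options"] = "missing, and CSP has no frame-ancestors (page can be framed)"
    return findings


def fetch_headers(url: str, timeout: float = 10) -> dict[str, str]:
    """Fetch a URL and return its response headers (needs network; repeated headers collapse)."""
    req = Request(url, headers={"User-Agent": "header-audit/1.0"})
    with urlopen(req, timeout=timeout) as resp:
        return dict(resp.getheaders())


# Constructed sample responses (not real captures from any site).
BARE_RESPONSE = {"Content-Type": "text/html; charset=utf-8", "Server": "nginx"}
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
    "X-Frame-Options": "SAMEORIGIN",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "content-security-policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    import sys
    targets = {"bare": BARE_RESPONSE, "weak": WEAK_RESPONSE, "hardened": HARDENED_RESPONSE}
    if len(sys.argv) > 1:  # python audit.py https://example.test/ audits a live site instead
        targets = {sys.argv[1]: fetch_headers(sys.argv[1])}
    for label, hdrs in targets.items():
        findings = audit_headers(hdrs)
        print(f"{label}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for name, finding in findings.items():
            print(f"  {name}: {finding}")
```

Run it with no arguments to see the three constructed samples scored, or pass a URL to audit a live response. One caveat when pointing it at a real site: a single GET sees one response for one path, so a site that sets headers on its landing page but not on its login or API paths, or that loses them across a redirect, will look cleaner than it is; audit the pages where credentials and keys are actually handled.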
