#cross site scripting | Explore Tumblr Posts and Blogs

cypheroxide · 5 months

Text

The Hacker's Guidebook:

Aspiring hackers! I’ve created a guide covering core cybersecurity concepts new hackers should master before tools. I break down networking, OS internals, & hacking tactics. Recognize hacking as lifelong journey—arm yourself with the basics!

Core Concepts for Budding Cybersecurity Enthusiasts The Building Blocks of Ethical Hacking So you want to become an ethical hacker and enter the exciting world of cybersecurity. That’s awesome! However, before you dive headfirst into firing up Kali Linux and hacking everything in sight, it’s vital to build up your foundational knowledge across several InfoSec domains. Mastering the fundamentals…

View On WordPress

14 notes · View notes

geeknik · 4 months

Text

Navigating the Risks of JavaScript in Web Development

JavaScript is the linchpin of interactive web experiences, fueling everything from form validation to video streaming. While JavaScript enriches user engagement, it also raises significant security considerations. This post examines JavaScript's potential for misuse and the best practices to mitigate these risks.

The Dual Facets of JavaScript

JavaScript’s ability to execute on the client side is a bedrock feature of dynamic web pages, empowering developers to script complex features and responsive user interfaces. Unfortunately, the same capabilities that streamline user experience can also be exploited for malicious purposes.

Potential Misuse Cases

Malicious actors can leverage JavaScript for a range of harmful activities, including:

Data Theft: Scripts can covertly transmit personal data to unauthorized parties.

Session Hijacking: Exploiting cookies or session tokens to impersonate users.

Malware Distribution: Executing scripts that install harmful software on users' devices.

Understanding misuse scenarios is the first step in fortifying web applications against such threats.

Notable Attack Vectors: XSS and CSRF

The two most prevalent JavaScript-based threats are Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Each exploit different aspects of web application interaction with the user.

Cross-Site Scripting (XSS)

XSS attacks involve inserting malicious scripts into otherwise benign web pages. These scripts activate when unsuspecting users interact with the web pages, leading to unauthorized actions or data exposure.

Defense Strategy:

Input Encoding: Systematically encode user-generated content before displaying it on the web, effectively defanging embedded scripts.

Use of CSP: Employ a Content Security Policy to specify legitimate sources for executable scripts and resources.

Cross-Site Request Forgery (CSRF)

In CSRF attacks, attackers con the victim's browser into performing unintended actions on a site where the victim is authenticated, ranging from changing a user profile to initiating financial transactions.

Defense Strategy:

Anti-CSRF Tokens: Deploy one-time tokens that must accompany each form submission, ensuring requests originate from the site's own pages.

Cookie Attributes: Set 'SameSite' attributes on cookies to limit their flow to requests originating from the site that set them.

Building Defenses into JavaScript

Deploying defensive coding practices is essential to protect against the weaponization of JavaScript. Here are tactics developers can leverage:

Input Validation and Sanitization

Vigilant validation and sanitization of user input are fundamental:

// Validate acceptable characters (e.g., alphanumeric for a username) function isValidUsername(username) { return /^[a-zA-Z0-9]+$/.test(username); }

Implementing a Content Security Policy (CSP)

CSP can significantly reduce the success rate of XSS attacks:

Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.cdn.com;

Managing Cookie Security

Correctly setting cookie attributes can prevent CSRF:

document.cookie = "sessionToken=xyz123; Secure; HttpOnly; SameSite=Strict";

Enlisting Users in Their Defense

While technical defenses are critical, empowering users to protect themselves can add another layer of security:

Educate Users: Regularly inform users on the importance of browser updates, installing security extensions, and recognizing phishing attempts.

Enable Security Features: Encourage users to install Firefox and use privacy-focused Browser extensions like uBlock Origin.

Conclusion

JavaScript's agility is a double-edged sword; its seamless integration into web pages can also serve nefarious purposes. Recognizing the potential for misuse compels us to employ rigorous defensive measures. Whether through stringent input handling, careful session management, or leveraging robust browser security features, a proactive approach to JavaScript security is the greatest defense against its weaponization. As technologies advance and threats evolve, so too must our strategies for maintaining web security and user trust.

1 note · View note

zapperrr · 25 days

Text

Securing Your Website: Best Practices for Web Developers

As the digital landscape continues to evolve, website security has become a paramount concern for businesses and individuals alike. With cyber threats becoming increasingly sophisticated, it is crucial for web developers to adopt robust security measures to safeguard their websites and the sensitive data they handle. In this article, we'll delve into the best practices that web developers can implement to enhance the security of their websites and protect against potential threats.

Introduction

In today's interconnected world, websites serve as the digital storefront for businesses, making them vulnerable targets for cyber attacks. From data breaches to malware infections, the consequences of a security breach can be severe, ranging from financial loss to damage to reputation. Therefore, prioritizing website security is essential for maintaining the trust and confidence of users.

Understanding Website Security

Before diving into best practices, it's crucial to understand the importance of website security and the common threats faced by websites. Website security encompasses measures taken to protect websites from cyber threats and unauthorized access. Common threats include malware infections, phishing attacks, SQL injection, cross-site scripting (XSS), and brute force attacks.

Best Practices for Web Developers

Keeping Software Updated

One of the most fundamental steps in website security is keeping all software, including the content management system (CMS), plugins, and server software, updated with the latest security patches and fixes. Outdated software is often targeted by attackers due to known vulnerabilities that can be exploited.

Implementing HTTPS

Implementing HTTPS (Hypertext Transfer Protocol Secure) encrypts the data transmitted between the website and its users, ensuring confidentiality and integrity. HTTPS not only protects sensitive information but also boosts trust among visitors, as indicated by the padlock icon in the browser's address bar.

Using Strong Authentication Methods

Implementing strong authentication methods, such as multi-factor authentication (MFA) and CAPTCHA, adds an extra layer of security to user accounts. MFA requires users to provide multiple forms of verification, such as a password and a one-time code sent to their mobile device, reducing the risk of unauthorized access.

Securing Against SQL Injection Attacks

SQL injection attacks occur when malicious actors exploit vulnerabilities in web applications to execute arbitrary SQL commands. Web developers can prevent SQL injection attacks by using parameterized queries and input validation to sanitize user inputs effectively.

Protecting Sensitive Data

It's essential to employ encryption techniques to protect sensitive data, such as passwords, credit card information, and personal details, stored on the website's servers. Encrypting data at rest and in transit mitigates the risk of data breaches and unauthorized access.

Regular Security Audits

Conducting regular security audits helps identify vulnerabilities and weaknesses in the website's infrastructure and codebase. Penetration testing, vulnerability scanning, and code reviews enable web developers to proactively address security issues before they are exploited by attackers.

Choosing a Secure Hosting Provider

Selecting a reputable and secure hosting provider is critical for ensuring the overall security of your website. When evaluating hosting providers, consider factors such as security features, reliability, scalability, and customer support.

Evaluating Security Features

Choose a hosting provider that offers robust security features, such as firewalls, intrusion detection systems (IDS), malware scanning, and DDoS protection. These features help protect your website from various cyber threats and ensure continuous uptime.

Ensuring Regular Backups

Regularly backing up your website's data is essential for mitigating the impact of security incidents, such as data breaches or website compromises. Choose a hosting provider that offers automated backup solutions and store backups securely offsite.

Customer Support and Response to Security Incidents

Opt for a hosting provider that provides responsive customer support and has established protocols for handling security incidents. In the event of a security breach or downtime, prompt assistance from the hosting provider can minimize the impact on your website and business operations.

Implementing Firewall Protection

Firewalls act as a barrier between your website and external threats, filtering incoming and outgoing network traffic based on predefined security rules. There are several types of firewalls, including network firewalls, web application firewalls (WAF), and host-based firewalls.

Configuring and Maintaining Firewalls

Properly configuring and maintaining firewalls is crucial for effective security. Define firewall rules based on the principle of least privilege, regularly update firewall configurations to reflect changes in the website's infrastructure, and monitor firewall logs for suspicious activity.

Educating Users about Security

In addition to implementing technical measures, educating users about security best practices is essential for enhancing overall website security. Provide users with resources, such as security guidelines, tips for creating strong passwords, and information about common phishing scams.

Importance of User Awareness

Users play a significant role in maintaining website security, as they are often the targets of social engineering attacks. By raising awareness about potential threats and providing guidance on how to recognize and respond to them, web developers can empower users to stay vigilant online.

Providing Training and Resources

Offer training sessions and educational materials to help users understand the importance of security and how to protect themselves while using the website. Regularly communicate updates and reminders about security practices to reinforce good habits.

Monitoring and Responding to Security Incidents

Despite taking preventive measures, security incidents may still occur. Establishing robust monitoring systems and incident response protocols enables web developers to detect and respond to security threats in a timely manner.

Setting Up Monitoring Tools

Utilize monitoring tools, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and website monitoring services, to detect abnormal behavior and potential security breaches. Configure alerts to notify you of suspicious activity promptly.

Establishing Incident Response Protocols

Develop comprehensive incident response plans that outline roles, responsibilities, and procedures for responding to security incidents. Establish clear communication channels and escalation paths to coordinate responses effectively and minimize the impact of security breaches.

Securing your website requires a proactive approach that involves implementing a combination of technical measures, choosing a secure hosting provider, educating users about security best practices, and establishing robust monitoring and incident response protocols. By following these best practices, web developers can mitigate the risk of security breaches and safeguard their websites and the sensitive data they handle.

#website security has become a paramount concern for businesses and individuals alike. With cyber threats becoming increasingly sophisticated #it is crucial for web developers to adopt robust security measures to safeguard their websites and the sensitive data they handle. In this #we'll delve into the best practices that web developers can implement to enhance the security of their websites and protect against potenti #Introduction #In today's interconnected world #websites serve as the digital storefront for businesses #making them vulnerable targets for cyber attacks. From data breaches to malware infections #the consequences of a security breach can be severe #ranging from financial loss to damage to reputation. Therefore #prioritizing website security is essential for maintaining the trust and confidence of users.#Understanding Website Security #Before diving into best practices #it's crucial to understand the importance of website security and the common threats faced by websites. Website security encompasses measur #phishing attacks #SQL injection #cross-site scripting (XSS)#and brute force attacks.#Best Practices for Web Developers #Keeping Software Updated #One of the most fundamental steps in website security is keeping all software #including the content management system (CMS)#plugins #and server software #updated with the latest security patches and fixes. Outdated software is often targeted by attackers due to known vulnerabilities that can #Implementing HTTPS #Implementing HTTPS (Hypertext Transfer Protocol Secure) encrypts the data transmitted between the website and its users #ensuring confidentiality and integrity. HTTPS not only protects sensitive information but also boosts trust among visitors #as indicated by the padlock icon in the browser's address bar.#Using Strong Authentication Methods #Implementing strong authentication methods

0 notes

jcmarchi · 1 month

Text

What are the Main Types of Security Vulnerabilities When Working With Open Source Components? - Technology Org

New Post has been published on https://thedigitalinsider.com/what-are-the-main-types-of-security-vulnerabilities-when-working-with-open-source-components-technology-org/

What are the Main Types of Security Vulnerabilities When Working With Open Source Components? - Technology Org

The vulnerabilities inherent in open-source components warrant due consideration, given their potential threats. As we work to unravel the primary security risks associated with open-source components, particularly in software development, we will present viable solutions for mitigating these risks. While open-source software can benefit the rapid development of systems, it also exposes projects to innate security risks. This is true, particularly if they are managed incorrectly. A detailed understanding of the security vulnerabilities is sacrosanct.

Artificial intelligence (AI) – artistic interpretation. Image credit: Pixabay, free license

Nowadays, open-source components, as part of software development, are indispensable. Widespread use has led to increased exposure to security flaws. Many instances exist, notably the Heartbleed bug in OpenSSL and the gaping vulnerabilities in ApacheLog4J. Both of these examples highlight the critical nature of safe and secure operations with open-source libraries. These vulnerabilities compromised millions of systems worldwide, ensuring that vigilance becomes a top priority within the open-source ecosystem.

For example, Synopsys Cybersecurity Research Centre discovered that 84% of companies are vulnerable to open-source code in their systems. This is especially true with JavaScript – the most widely used code framework. The report was based on 1700 audits and 17 industries globally, and it revealed that at least one known open-source vulnerability existed in the code bases. That statistic was 4% higher than the previous year.

Unknown Source Code Quality

Quality is not a blanket standard. It varies between systems, processes, and software applications. Therefore, the quality of open-source code varies widely. Without thorough vetting, it can be disingenuous to incorporate open-source components with poorly written code, unoptimized code, or gaping holes in the security infrastructure. Setting a standard, raising the benchmark of excellence, and enforcing compliance across the board is imperative.

Risks Associated with Licensing

One has to walk a fine line between understanding security vulnerabilities, and the legal aspects that may impact the viability and sustainability of a project. License risks are not a direct security threat, but misuse or abuse of open-source licenses can result in legal challenges and disputes. These will indirectly impact the security of projects underway.

Insecure Dependency Risk

Many open-source projects rely on various open-source frameworks and libraries. As expected, the absence of standards can result in introduced vulnerabilities. To maintain excellence, regular updates are imperative. By the same token, all security-related issues must be promptly addressed and corrected.

Ineffectual Security Practices in Development

The design and development stage of open-source software and projects is often mired in security practices. This is especially true if these projects do not follow rigorous security protocols. This can lead to clearing vulnerabilities, including cross-site scripting (XSS), SQL injections, or even cross-site request forgery (CSRF). If any of these, where similar vulnerabilities are introduced into the open source projects, they can pose tremendous challenges.

Insufficient Documentation and Updating

Open source components invariably suffer from inadequate documentation vis-a-vis security practices. Similarly, they may lack timely updates for known vulnerabilities. These loopholes present gateways for nefarious actors, allowing infiltration and disruption of systems. Once exposed, the open-source software is highly vulnerable to attack. Security flaws must be identified, addressed, and corrected as quickly as possible.

Fortunately, the features and benefits of software security tools like Checkmarx Static Application Security Testing (SAST) can provide relief for these exigencies. Companies no longer have to choose between scanning code quickly for security vulnerabilities and completing a thorough review of the open-source components. SAST offers a viable solution in terms of comprehensive security oversight and rapid assessment during developmental processes.

The key features of such breakthrough technology include a mix of elements, notably:

The best fix location

Rapid scanning for vulnerabilities

Ability to scan uncompiled open-source code

Artificial Intelligence query builder and security

Full support in multiple languages and across frameworks

Viewed in perspective, such solutions place the developers in control by reducing noise and finalizing secure code in the software and systems. A credible and trusted security solution makes application development efficient and secure. This balances the need for speed and security. Since it’s also developer-friendly, it easily integrates into work environments and with tools developers already use.

To the uninitiated, these types of tech solutions used for identifying security vulnerabilities, notably open-source components, are akin to using tools and resources that can rapidly identify errors and suggest a best-practice methodology to improve material based on relevance. That’s precisely what top-tier SAST does for software development. It secures code, ramps up the pace of development, and identifies problems as efficiently and effectively as possible.

0 notes

lvlab-1 · 9 months

Text

youtube

Is your Drupal secure? | Access Control | Encryption | @lvlabsoftware

Watch the video here: https://youtu.be/3IePi_RBWsQ

Hello everyone, Welcome Back to our channel! In today's video, we will discuss “How Drupal Handles Website Security and Share Some Tips on Checking if Your Drupal Site is Secure?” Do you know? how fast your website really is? Drupal is a CMS used to create all kinds of websites, and it comes with some built-in security features. Make sure to watch the video until the end, so that you don't miss any important information about Drupal Website Security. We hope you found this video helpful. If you want to know anything about Drupal, feel free to contact us.

Don't forget to like, share, and subscribe to our channel, so that you don't miss any updates in our channel about the latest content.

#drupal #encryption #secure password storage #access control #plugins #cross-site scripting #Youtube

0 notes

shariwaa · 11 months

Text

“Common Website Security Threats and How to Protect Your Business”

In today's digital age, websites have become an integral part of conducting business. They are used to attract customers, showcase products or services, and facilitate transactions. However, since people rely more on websites, there is an increase in website security concerns, which can jeopardize critical data, disrupt operations, and harm a company's brand. In this blog, we will look at some typical website security issues and offer practical solutions to secure your company. Remember that protecting your website is critical for preserving client trust and guaranteeing the success of your online presence.

1. Malware Infections:

Malware is malicious software designed to infiltrate and harm computer systems. Viruses, ransomware, and spyware are examples of common categories. Follow these procedures to safeguard your website against malware infections:

Maintain the software and plugins on your website.

Install a trustworthy security plugin or firewall to scan for and prevent harmful activity.

Using online security tools, monitor your website for vulnerabilities and malware on a regular basis.

Educate your employees on the need for safe browsing habits and the perils of downloading unfamiliar files.

2. DDoS Attacks:

Distributed Denial of Service (DDoS) attacks aim to overwhelm a website's server by flooding it with traffic, making the website inaccessible to legitimate users.

Use the following procedures to protect your company from DDoS attacks:

Use a web hosting service that includes DDoS protection.

Use rate-limiting methods to detect and prevent excessive traffic.

To disperse traffic and mitigate assaults, consider employing a Content Delivery Network (CDN).

3. SQL Injection:

SQL Injection: SQL injection is a web security flaw that allows attackers to manipulate the database of a website by injecting malicious SQL queries. To avoid SQL injection attacks, use these steps:

Use parameterized queries or prepared statements in your code to sanitize user input.

Update and patch your database management system on a regular basis.

Use a web application firewall (WAF) to detect and prevent SQL injection attempts.

4. Cross-Site Scripting (XSS) :

XSS attacks occur when malicious scripts are injected into web pages that users view, allowing attackers to steal sensitive information or take control of the website. Protect your company from XSS attacks:

Implement input validation and output encoding to prevent malicious scripts from running.

Control which scripts can run on your website by using security headers such as Content Security Policy (CSP).

Review and sanitize user-generated content, such as comments and form inputs, on a regular basis.

5. Phishing Attacks:

Phishing attacks entail deceiving people into disclosing sensitive information, such as passwords or credit card information, by impersonating a trustworthy institution. Protect your company and consumers from phishing attacks:

Teach your staff how to identify and report phishing attempts.

To prevent email spoofing, use email authentication methods such as SPF, DKIM, and DMARC.

To increase client trust, display visible security indications such as SSL certificates and trust seals on your website.

When it comes to website security, proactive measures are essential. Protect your business from these common threats and ensure the safety of your online presence. Partner with Shariwaa, a leading web security provider, to safeguard your website from cyber threats. Contact us today to learn more about our comprehensive security solutions.

#shariwaa #websitesecurity #malwareinfections #securityplugins #DDoS Attacks #webhosting #sqlinjection #cross-site scripting #securitypolicy #phishingattacks

1 note · View note

edisilva64-blog-blog · 1 year

Text

JavaScript: Por que ela continua sendo uma das linguagens de programação mais populares?

Classificação de JavaScript No artigo de ontem, sobre a linguagem Go, eu apresentei a classificação dessa linguagem em diversos classificadores de posição das linguagens de programação. Vou usar os mesmos índices para classificar o JavaScript e mostrar que essa linguagem continua sendo uma das mais usadas e, em alguns casos, com tendência de crescimento. O relatório 2022 Developer Survey, o…

View On WordPress

0 notes

malwarhospital1 · 1 year

Text

Common Website Security Issues | Malware hospital

Common website security issues , Cross-site Scripting, SQL Injection, broken authentication session management. As long as computers have existed in the world, they have been and will be threatened in various ways. It is no different from your website. At any time your website can suffer damage, causing loss of website traffic and hard-earned reputation.

Resolving these issues later can be time-consuming and confusing. You may think that only popular websites are targeted, this is wrong. Because they use it on any small or big website. Most malware and virus traps are automated. However, these problems can be prevented with a security policy.

In this composition, we will describe some of the most common pitfalls and their implicit detriment, as well malwarehospital.com website security results.

Common website security issues

Malware is the docked term for vicious software. It’s a catch- all expression for any software designed to disrupt, damage or gain unauthorized access to a system. There are numerous ways malware can spread, from plugging in infected USB drives to accidental downloads from infected websites. Contagions, spyware and ‘ worms ’ are generally included in the description of malware.

Cross-site Scripting

Cross-site Scripting( XSS) is a type of vulnerability hackers use to bypass security features by edging in vicious scripts into webpages. While it has been around for a long time( for commodity on the internet anyway), ZDnet reported in 2017 that it still represents a major trouble vector – so much so that numerous major companies have bug bounty programs that cover XSS.

SQL Injection

An SQL injection occurs when a website form doesn’t cover against colorful special characters and commands, allowing a vicious party to pierce, change or cancel data from a database.

How do you protect your website?

Due to the comprehensive nature of pitfalls, there are several preventives you should be taking concerning your website security. Some are automated tools you can emplace, while others are stylish practices you should follow.

Secure your accounts and passwords

It should go without saying that you must keep your web hosting word safe. Whoever has it can pierce your Control Panel and do any number of effects to disrupt operations. For illustration, the bad actor could deface your website, deflect it to a contender’s point or indeed steal client data that you’re liable for. You should thus tightly control who has access to your login details and follow stylish practices for strong word security change your word regularly and don’t throw away watchwords across different spots.

Always have a clean backup

Frustration can mount snappily when you accidentally loose data by installing a vicious plugin or clicking on a bad link, and have no expedient. A regular provisory governance can save you in extremity, but also give you peace of mind at other times. Backups mean you can roll back your website to the most recent clean interpretation. And only lose a day worth of data compared to losing everything.

#Website Security Issues #malware hospital #Cross-site Scripting #SQL Injection

0 notes

microcomets · 6 months

Text

Hi folks, today we're announcing the Rally for Palestine Raffle, a cross-fandom charity raffle to raise funds and awareness for Palestinians in the Gaza strip. (Reblogs appreciated to spread the word!)

Why donate?

Some background on what’s going on in Palestine and how you can help:

There is an urgent need for awareness, solidarity, local action and donations regarding the current genocide and ethnic cleansing occurring in Palestine, led by the Israeli government. After weeks of bombing and military attacks — and decades of displacement and occupation — Palestinian civilians in the Gaza Strip are currently in need of aid that has been blockaded, as well as solidarity and local action from global citizens.

Palestinians have most immediately asked us to put pressure on our local governments to end the ceasefire and to end the blockade to humanitarian aid. Please find action links below:

For US citizens, call your reps and demand a ceasefire and an end to the current blockade on humanitarian aid: https://www.usa.gov/elected-officials

US call script and petition: https://act.uscpr.org/a/callforgaza#:~:text=%5BREPRESENTATIVE'S%20NAME%5D.-,I'm%20calling%20about%20Palestine%20and%20Israel.,funding%20to%20the%20Israeli%20military

For UK citizens, email your MPs: https://palestinecampaign.eaction.online/stopthewarongaza

How to enter and donate:

You can win a fanwork from an amazing crew of cross-fandom creators, and one bid is only $10. Rules for how to enter AND the bidding site are here: https://rallyforpalestineraffle.site/

Please donate directly to the org FIRST, then send your donation receipt to [email protected] to verify your number of bids before checking out on the site!

Links to Donate:

Anera

Doctors Without Borders

Medical Aid for Palestinians (MAP)

Palestine Action

Palestinian American Medical Association (PAMA)

Save the Children

If you are a US citizen, sign the ceasefire petition HERE: https://actionnetwork.org/letters/tell-congress-ceasefire-now

Creators:

Here is our incredible first lineup (with several amazing creators waiting to be unlocked in stretch goals!). Bid on them right now!!!!!

The more we raise, the more mystery creators will be unlocked!

You have until Friday, October 27 to bid. Matches are highly welcomed; see the site for more details.

Let's get raffling!

#palestine #palestine funding #charity raffle #fandom raffle

590 notes · View notes

freeudemycoursesfree · 2 years

Text

LEE's Web Hacking (Cross-Site Scripting, SQL Injection)

LEE’s Web Hacking (Cross-Site Scripting, SQL Injection)

This course is designed for web hacking skills for only basic users What you’ll learn in Free Udemy Course- More information on web hacking skills and more safety web site for them. Requirements Just need to know about HTML/PHP , Web-programming skills and MYSQL database or likely. Description @ All Videos in this course have “ENGLISH-CAPTIONS” !!!! This course is very simple but has…

View On WordPress

#Cross-Site Scripting #SQL Injection #Web Hacking

0 notes

jymwahuwu · 7 months

Note

I have an idea. A self-aware au. What if Jing yuan/Blade is aware of darling's affection for him since they would log in the game and just see him and just admire them that is until Genshin drops 4.1 trailer and saw Arlecchino and Neuvillette and now they're envious of these two taking away their darling's attention.

It's just an interesting idea tho. But in actuality I'd think neuvillette and him would be friends or somewhat

Hello, this anon has similar thoughts!! Put them together to answer >_< I think they will be really jealous of the genshin impact characters who are stealing your attention lol. Jing Yuan's jealousy is more harmless (seemingly), while Blade's is more aggressive (?)

This is my first time writing a self-aware AU, hope you like it!!

CW: yandere, self-aware au

Jing Yuan and Blade have their own lives.

When you're not with them, when you're not in front of the screen or looking at them with a smile or wonder. They are handling the work/tasks of the Seat of Divine Foresight/Stellaron Hunters. Blade, Silver Wolf and Kafka were practicing the new "destiny" script and took away another Stellaron. Jing Yuan is managing Luofu and attending meetings. How strange. Once you click on the space screen to enter the game, they can see your face. You organize your team and do daily tasks with them.

At first, they thought it was some kind of prank or a conspiracy, but over time they got used to it. In Elio's words, "The world is like a video game. No one can prove whether the world is real or false. Feeling the current destiny is the most important thing."

For Jing Yuan, he just got familiar with your personality. He confirmed that your presence would not put Luofu in danger, and that you acted like a cute kitten playing with a ball of yarn. You can control Luofu's General and Stellaron Hunter, and all you do is wander around Xianzhou and buy snacks to feed them, break every poor object on the way, fight to get some rewards, take the books on the table, etc.

You didn't forget to "build" them either. They watch you search for "Jing Yuan", "Blade", "build", "guide" and other keywords on the Internet, and take them to fight again and again to get materials to upgrade. Although they have actually participated in some wars and have terrible strength, what you see here is "lv 1-80".

You really like them, otherwise you wouldn’t pull, right? You even take photos of them while wandering around the map. Jing Yuan snickered when you took Blade to take a selfie in front of his wanted poster. The general is not shy about giving you a smile either. They know your admiration because you always take more than one photo.

Until… recently, they noticed that you weren't online as often. At one point, you log in again, and then, as if you thought of something important, you search "genshin impact" on Youtube (they know the name of the site) and start watching trailers and special programs.

What's this?

You stared intently at those…those people. White curly bangs, long hair like a waterfall, and his gorgeous and decent attire. The other man has short black hair. He punches enemies in live. A woman with short gray and white hair smiles confidently.

Jing Yuan opened his eyes wide, not expecting you to be so "frivolous" - did you plan to be unfaithful to him? You found Jing Yuan pouting at you in the game, but you thought you were hallucinating, so you gave him immortal's delight and puffergoat milk to comfort him. Blade clicked his tongue, crossed his arms in boredom, and stopped observing what you were doing on the other side of the screen. Silver Wolf and Kafka teased him about whether he was separated from the little player? Jealous? You're surprised to notice that his damage has been doubled. While on a mission, Blade almost lost control and killed a person on the script. His eyes as red as candlelight flashed, and he almost swung down the sword in his hand.

They are all looking for opportunities to get close to you. That part of Xianzhou's large computer installation called "loom" is running, investigating and analyzing you.

#yandere jing yuan x reader #yandere blade x reader #yandere hsr #yandere honkai star rail #yandere jing yuan #yandere hsr x reader #honkai x reader #honkai star rail x reader #honkai star rail x you #blade x reader #hsr x reader #hsr blade x reader #blade x you #hsr x you

778 notes · View notes

izvmimi · 23 days

Text

cw: streamer au! you and hawks have a popular channel and you have some special guests! fluff! reader and hawks are married. 'dove' as a nickname. written for @pastelle-rabbit.

“Did you finish setting up the microphones, dove?” Keigo asks, while you’re just about to adjust your PC setup. The stream begins in five minutes, and while it’s not the first time you’ve gone live with your love, it’s the first time that you’ve had guests on your streaming site, and this is highly anticipated enough that you expect a higher turnout for today, and commensurately likely more trolls. You’re used to Keigo’s trolls as a top-ranking hero, but Izuku’s trolls are a whole different beast.

“Yes!” you sing out to him. After the final adjustment, you shoot a glance to Izuku and his wife who are poised very politely on gaming chairs you got just for them; his hand is holding hers, the thumb caressing the back of her hand while she crosses her legs at the ankle. She looks distressed and you stifle a giggle. Horror and gore are the themes for your stream today and from what Izuku has told you, she’s a screamer, but so is Keigo, so the two will be squawking like birds for the remainder of the night.

You can’t wait.

“Are you guys comfortable?” you ask. The chair arrangement is a little more complex to make sure everyone stays huddled around your huge monitor, but you’ve figured it out.

She nods slowly, and Izuku grins. “We’re doing perfect!”

There are now two minutes until the stream starts, and Keigo slips into the chair right beside you and kisses your cheek, his other hand deep in a bag of chicken chips which he brings to your mouth.

You indulge him with a bite, and he grins, then whispers if you want him to be your chair this time, and while Izuku grins politely at the two of you, you can sense yourself warming in the face.

“We have guests,” you remind him. Keigo throws a glance at Izuku who immediately waves his hands.

“Pretend we’re not here.”

“What do you mean we’re not here, we were in-”

You start the stream and Izuku’s wife falls silent, immediately switching to camera ready mode. “Welcome guys and thanks for coming back to our channel! As promised, we have special guests today! -” Deku and his wife wave politely to the camera in million-watt smiles, “- and we’ll be continuing with our horror themed stream!”

Keigo chews loudly and waves at the camera. “I’ll be here!” he motions a salute to the screen. As expected, you can already see the influx of his fans filling the chat, painfully polite in their thirst since the last time he reminded them on screen he was happily married.

“Ooh can we have streamer nicknames?” Izuku’s wife asks.

“Sure, what would you like to be called?” you offer. She looks around, then up at the ceiling, then her eyes light up.

“Hm… BLOODCRUSH.” She says with dramatic glee. The rest of the three of you blink rapidly, but no one argues.

“Bloodcrush it is!” you announce as she kicks her feet. Izuku gives her a mildly concerned look, but then rubs her shoulder affectionately. The chat starts to rile up with comments in support of new nickname Bloodcrush (bloodcrush x deku otp, bloodcrush fighting!) to her delight while the less savory ones are promptly ignored.

“I think the rest of us will just go by our hero or streamer names, is that okay?” Keigo says, stretching out in his chair and resting his arm around the shoulder of your gaming chair, pose relaxed.

“So what game are we playing?” Deku starts per your loosely prepared script.

“RAID AND EXECUTION,” Hawks announces, excitedly. You laugh as the story intro video begins, and Hawks claps his hands dimming the lights while Bloodcrush looks stunned to her husband then to you.

“Raid and what?”

“Oh, that sounds awesome! I’ve heard of this one!” Deku chirps, and immediately his info-dumping begins. “So from what I’ve read, this game is set in the early 1400s in the Caribbean where a group of pirates are lost at sea and encounter a group of enchanted beings, most likely zombies, and you’re meant to survive as long as possible when they’re active at night, and raid the villagers during the daytime or else you’ll run out of resources and die, not to mention the game mechanics heavily rely on you using context clues of the environment in order to determine if a settlement is nearby and-”

Hawks and Bloodcrush both scream as the first zombie shows up on screen armed with a machete and cleanly slices the head off of your avatar.

‘Ooh, that was fast,” you say, frowning as the “Game Over” screen shows up on the monitor. The chat explodes with comments telling Deku to shut the hell up which makes him frown.

“Just trying to provide context,” he grumbles. You start up the game again and instead of jumping right off the ship and walking right onto the island, you pause and look for clues. Hawks encourages you to explore the bottom of the ruins first, which has you find a rusty machete of your own as well as some 14th century hardtack, and Bloodcrush leans in and asks you if there’s any way you can find a musket or other gun.

“Baby, I think muskets weren’t invented till the 15th century,” Deku says, and she pats his cheek gently, whispering only mildly threatening, “I didn’t ask you for historical accuracy, honey.”

“Here, I think we found one!” you exclaim and Hawks gives you a high five while Bloodcrush raises her eyebrow at him.

While you begin arranging your inventory, Hawks repeats some questions in the chat for their guests.

“So, herofootfetish69 has a question for you, Deku.”

Izuku pales while you and his wife unintentionally bursts out laughing from how nonchalantly Hawks reads the username, then your avatar inadvertently falls off a cliff and dies.

“Man!” you exclaim as you restart. Bloodcrush laughs even harder as she points to new resources that you can pick up while you’re repacking your knapsack.

“They ask, do you have time to play video games when you’re supposed to be protecting the city?” Hawks asks, then giggles.

“Why am I being heckled?” he frowns. “Yes, heroes have time off too.” He pauses. “Hawks is literally on this stream!”

“Hey, I think if you alternate the musket and the dagger, you might have a chance with those zombies,” Bloodcrush murmurs. Someone in the chat tells her that she has a better chance with the dagger alone. “Never mind, just do that.”

“Next question for LoveDove!” Keigo presses a kiss to your forehead, then reads off, “gains4fame asks, how long have you and Bloodcrush known each other?”

“Not long!” you say, “but I think we’ve become fast friends!”

Bloodcrush’s eyes light up and she playfully bops you on the shoulder. Hawks offers an affectionate awwww, and hugs you while Deku rubs his wife’s back.

In the process of your husband hugging you, you’re shot by an arrow.

“NO!” you and Bloodcrush scream in unison, then look at each other and giggle.

“Next question from chickenchipenthusiast-” Izuku pauses, then reaches for the extra bag Hawks has brought, “not sponsored by the way,” he reminds everyone, “for Hawks - how do you choose your guests on the show?”

Hawks shrugs. “When I called, you picked up.”

Izuku sighs in defeat.

“We’ll move on to the next question. For LoveDove again - do you think you’ll get better at these games?”

Hawks bristles but you laugh. “I’m having fun and so are you, aren’t you?”

chickenchipenthusiast writes: exactly!

You get your first kill of a zombie on the island and you and Bloodcrush share double high fives in delight.

The chat fills with overwhelming support and the stream continues late into the night, the chatter amongst you guys never ending and the subscribers ticking higher and higher all night.

#hawks x reader #keigo takami x reader #takami keigo x reader #keigo x reader #daydreams: bnha #mimi's notes #treasures: amira

145 notes · View notes

flightrising · 1 year

Text

Update: Emergency Maintenance

Hello everyone! We have an update for you on today's unscheduled maintenance.

At approximately 14:00 server time today, March 31st, we detected an attempted cross-site scripting (aka, XSS) attack. The site was put into an unscheduled emergency maintenance out of an abundance of caution, so that we could perform a thorough audit to ensure the security of the site and everyone's accounts.

While we continue to audit all possible areas of the site, we will remain in an emergency 'curtains down' maintenance. The Mistral Jamboree will be extended by however many hours we have to keep the site down as a result of this attempted attack.

We apologize for the inconvenience, and thank you for your patience while we continue our investigation and audit.

#Flight Rising #FlightRising #Flight+Rising #Unscheduled Maintenance #Emergency Maintenance

697 notes · View notes

jcmarchi · 2 months

Text

Here's Why You Should Always Log Out of WordPress

New Post has been published on https://thedigitalinsider.com/heres-why-you-should-always-log-out-of-wordpress/

Here's Why You Should Always Log Out of WordPress

We may think we know WordPress security. But we can’t underestimate the task at hand. It seems that surprises lurk around every corner.

Consider a recent report from the security firm We Watch Your Website, for example. The report claims that 60% of hacked WordPress sites stem from stolen session cookies. I sure didn’t see that one coming.

We know about using strong passwords and setting file permissions. We understand the importance of updating our WordPress installs. We may even use a security plugin or two.

However, even the most security-conscious among us can miss things. That one oversight can lead to a hacked website. And that’s despite taking a bevy of security measures.

Stolen session cookies weren’t on the radar. So, what can we do to prevent this from happening? The author of this report has some advice.

How to Prevent Stolen Session Cookies

Thomas J. Raef is the author of “The Real Attack Vector Responsible for 60% of Hacked WordPress Sites in 2023.” His report demonstrates the threat of stolen session cookies in great detail. And a recent appearance on the WP Tavern Jukebox podcast shed more light on the subject.

But what about remedies? How do we stop these attacks from impacting our websites? I asked Raef for some preventative tips. The answer is as simple as logging out.

Our interview was lightly edited for clarity and brevity.

How do session cookies get stolen?

Thomas J. Raef: If it’s not WordPress, they’re frequently stolen via cross-site scripting. However, WordPress uses the HttpOnly option in the headers. So, that prevents cookie theft in WordPress via XSS.

The main way is by info stealers. If you Google the term, you’ll see it’s almost as popular as ransomware. Some ransomware hackers are starting to use info stealers more for their infections. Info stealers are designed to evade detection from most anti-malware programs. Some are dedicated to evading detection on Windows, others on Macs.

They typically steal everything possible in about 10 seconds. Some ask, why would they bother stealing WordPress session cookies if they’re also stealing bank logins, etc. But look at the cybercriminal industry. What do they need for the majority of their attacks? Oh, a legitimate website to infect unsuspecting visitors.

They steal the session cookies because it totally bypasses 2FA (Two-Factor Authentication), MFA, etc. because the user is still authenticated. As long as the cookie hasn’t expired.

Raef’s report shows that nearly 60% of hacked WordPress websites were the result of stolen session cookies. Image credit: We Watch Your Website

How can we secure our devices against this type of threat?

TJR: The easiest way is to remember to log out. That’s it! When you log out you expire the cookie. If you just close your browser window, it leaves the cookie active. So, if it’s stolen, it can be used by anyone.

One simple prevention is using SolidWP (Solid Security). Their Trusted Devices feature uses the IP address to generate the session cookie. If it’s stolen, it can’t be used anywhere other than where it was originally created. Those two things are the best way to prevent session cookies from being used against your sites.

Are there any changes the WordPress project could take to increase the security of session cookies?

TJR: Possibly. If there was a procedure that checked for inactivity after 30 minutes, and then automatically logged out the user, that might help. But I believe that would involve JavaScript and that’s getting too complicated. They already include the HttpOnly option, so they’re doing a lot to prevent this from being even bigger.

Do you have any other advice for web designers managing WordPress sites?

TJR: Make sure that everyone with admin access to your site is also focused on sanitary procedures for all local devices. We’re seeing more and more sites being infected due to malware on the local device of an admin. It can steal usernames, passwords, and session cookies.

2FA can stop the usage of username and password, but not session cookies. Tell all devs to log out! It’s quite simple and 100% effective.

One thing we’re starting to see more of is hackers attacking from the local device. Not stealing session cookies or anything else, just piggybacking on a legitimate admin session.

We see the legit IP address of an admin, and they’re doing their work and then suddenly from the same IP address at the same time, the legit admin is working – BAM! – a bogus plugin is installed from the same IP address!

The hackers have control over the local device and they’re attacking from that device. This supports the fact that you MUST be concerned about the health and well-being of your local devices.

Your Device Is Also a Factor in Website Security

A compromised computer or mobile device can impact your website’s security. On the surface, this theory makes sense. However, we typically don’t hear much about it.

Website security usually means a focus on the site itself. We attempt to filter out malicious traffic. And we employ various methods to prevent direct attacks.

It’s past time to look at our devices as well. You know, the systems we use to log into our websites. Good security should start there.

An info stealer can do untold damage in mere seconds. We won’t know the consequences until it’s too late. Let’s do something about it.

Follow best practices to secure your device – and encourage your clients and colleagues to do the same. A few simple steps could prevent a catastrophe.

And to follow Raef’s advice: Be sure to log out of your website! An expired session cookie is useless. Thus, it can’t do any harm.

Many thanks to Thomas J. Raef for chatting with us! Check out more of his security advice at We Watch Your Website.