Oh this, „… is the closest I’ve ever come to falling for a Gmail phishing attack.“, shows a real clever attack. An embedded fake attachment image sends you to a data:text/html address. The first part of it then is a plausible-looking Google URL. And only after lots of spaces, it actually loads the phishing site in an iframe. A lot to watch out for in 2017. Including this:
A short story about how encryption can go very wrong with a (Ruby) workflow we’re all guilty of using.
minet gay rencontre This time focusing on images and dangling markup. That’s when an attacker injects an <img> tag without closing it to extract the HTML of the rest of the page.