Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Weekly Update 392

published on 2024-03-25 02:08:07 UTC by Troy Hunt
Content:

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.

Weekly Update 392

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted":

"john|doe"@example.com

Give that a go and see how far you get in an input of type "email". Mind you, that example allows a pipe when not quoted. And the more you read, the more contradictory things seem; try this Stack Overflow question about allowable characters in an address and you'll get a heap of "yeah, that one is allowed but only if quoted"... which means it won't work in an email input box! (Unless you use the "pattern" attribute and a regex that permits it - argh!)

tl;dr - especially for the purpose in question - extracting email addresses from a data dump - I think I'm just going to boilthis down to a handful of permissible characters that are broadly accepted by websites and just stick with those. If you're a unique enough snowflake to be putting a quoted pipe in your alias then you're clearly not signing up to very many websites.

Weekly Update 392
Weekly Update 392
Weekly Update 392
Weekly Update 392

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. It just went from bad to worse for Onerep with Mozilla cutting ties (it's hard to imagine they really had any choice left)
  3. Is the alleged AT&T breach really just "alleged"? (read the comments on that blog post and see what you think...)
  4. MediaWorks in NZ got breached and their data spread all over the place (although the data is pretty benign in the scheme of things)
  5. But hey, at least MediaWorks had some solid advice around protecting yourself online! (checking if you were included in "other" breaches now needs a bit of a revision...)
Article: Weekly Update 392 - published 8 months ago.

https://www.troyhunt.com/weekly-update-392/   
Published: 2024 03 25 02:08:07
Received: 2024 05 05 12:22:04
Feed: Troy Hunt's Blog
Source: Troy Hunt's Blog
Category: Cyber Security
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor