Undyne wrote: some other tips for general good web app security to check for (i use these in my job if we observe something reaching out to a sketchy domain)
1. check certificate authority. HTTPS has to be signed by something called a "certificate authority" but people can self-sign it. make sure CA is legit and not self-signed. this article does mention some good things about this: https://support.dnsimple.com/articles/how-to-determine-certificate-authority/
2. use whois to check who owns site. sometimes if it's a brand new registered site, it could be sketchy
3. virustotal and urlscan.io will scan the URL you are trying to go to, this will check if it is flagged malicious. tip: when using urlscan, doing a private scan will not appear that you're trying to scan it in any way. i have to make sure to do this at my job in case it is malicious and it could tip off the attackers that we are looking at it
4. double check URLs to make sure they are not slightly misspelled. this is called "typo squatting" and it basically means if you type goggle instead of google, the "bad website" could be on goggle but you didn't notice. this is also true if you click any links in your emails, check the URL (but generally, don't click email links unless you are expecting it like to verify it's you. i always go directly to the website instead of clicking links in email)
thank you i can't believe some users just shrug all these red flags off saying it's either a troll or not true, or state they don't care if their info gets compromised. the latter people honestly i feel like shouldn't be allowed to give their info away for their own safety, though i suppose it's also their own fault if the worst happens :/
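The look-alike check from tip 4 of the quoted post, sketched as an added example that is not part of the thread: it flags a URL whose site name is one edit (or one swapped pair of letters) away from a name you trust. The `KNOWN` list and all function names are assumptions made up for illustration, and the host parsing assumes a one-part TLD such as .com.

```python
from urllib.parse import urlsplit

# Constructed list of names the user actually means to visit (assumption).
KNOWN = ["google", "paypal", "github", "virustotal"]

def site_label(url):
    """Return the label left of the TLD, e.g. 'goggle' for https://www.goggle.com/x.
    Naive: assumes a one-part TLD (.com, .io), not suffixes like .co.uk."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1 each."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # delete
                             rows[i][j - 1] + 1,         # insert
                             rows[i - 1][j - 1] + cost)  # substitute / match
            # Adjacent transposition, e.g. "gogole" vs "google".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def lookalike_of(url, known=KNOWN, max_distance=1):
    """Return the trusted name this URL imitates, or None if exact or unrelated."""
    label = site_label(url)
    if label in known:
        return None  # exact match on a trusted name, nothing to flag
    for name in known:
        if osa_distance(label, name) <= max_distance:
            return name
    return None

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ["https://www.goggle.com/login", "http://gogole.com",
              "paypa1.com", "https://www.google.com/", "https://example.org"]:
        print(u, "->", lookalike_of(u))
```

A hit only means "look closer": follow it with the whois, certificate and urlscan checks from the other tips.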
Account deleted wrote:
Teabag wrote: *spits out tea* I'VE MADE 10,5k STARS BEING INACTIVE FOR 4 MONTHS??