I'll post the resolution once it happens.
The difficult we do right away...
...the impossible takes slightly longer.
|
Richard Andrew x64 wrote: aHR0cHM6Ly9mZWVsbGl4cy5jb20vP2Jz contains information that decodes into https://feellixs.com/?bs
Looks like they are fishing for your Netflix password.
3307501017[^]
3307500963[^]
Domain is 1 day old. Certificates are also 1 day old.
Best Wishes,
-David Delaune
P.S.
It's not an accident that the site went live on a Saturday. They are taking advantage of the fact that the network operations is closed and minimally staffed over the weekend. Unfortunately they will get a full 48 hours of fishing for Netflix password before being shut down on Monday.
modified 30-Aug-20 5:28am.
|
Interestingly - and despite its being a new registration - Chrome and Firefox block this page...
It is actually trying to mimic the Netflix login page (I can see it on Edge)... Which should be more than suspicious, as the original mail is from the ISP, so how did it land you on Netflix...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
Well,
Most e-mail providers filter out SPAM links. I am guessing that https://www.xfinity.com/* is white listed and that's the core value of this vulnerability. Since @Richard-Andrew-x64 is a customer he should report this to the Comcast Security team.
Security Vulnerability Report[^]
Best Wishes,
-David Delaune
|
How on Earth did you figure out what that decodes to?
The difficult we do right away...
...the impossible takes slightly longer.
|
Good to see that when browsing from my work right now (may not matter that there are filters the average surfer wouldn't have because it seems to be a Chrome thing) I see the following screen with a bright red background from Chrome:
Deceptive site ahead
Attackers on feellixs.com may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards). Learn more
Help improve security on the web for everyone by sending URLs of some pages you visit, limited system information, and some page content to Google. Privacy policy
Google Safe Browsing recently detected phishing on feellixs.com. Phishing sites pretend to be other websites to trick you.
You can report a detection problem or, if you understand the risks to your security, visit this unsafe site.
|
Richard Andrew x64 wrote: OK I figured it out. This is the complete scam link:
...
You might notice that it very well hides the actual target domain name. That is ".ac" for the Ascension Islands.
That's not correct. The link goes to the xfinity domain; there's just an open redirection vulnerability on that page.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Sign-on pages typically take as a parameter the URL of the page to return to, after the sign-in is complete. The "learn" in there suggests that it's from the site's help pages. And that section may auto-log you in, based on your cookies (Xfinity's login page does have a "Stay signed in" option).
So, you go to that page, it logs you in, and then "returns" to the page it assumes you were on when you clicked "Sign in".
Truth,
James
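The pattern discussed in this thread (a return-URL parameter on a trusted sign-in page carrying a base64-encoded destination) can be checked mechanically when triaging a reported link. The following is an added example, not part of any post: the host `isp.example`, the path, and the parameter names `lang` and `continue` are constructed placeholders, and only the base64 value is the one quoted in the thread.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

def decode_base64(value):
    """Return value decoded as base64 (standard or URL-safe) ASCII text, else None."""
    padded = value + "=" * (-len(value) % 4)      # links often drop the padding
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def http_host(text):
    """Return the lower-cased host if text is an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(text)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def off_site_redirects(link, trusted):
    """List (parameter, target) pairs in link's query that point outside trusted domains."""
    flagged = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        # Inspect the parameter both as written and as base64-decoded text.
        for candidate in (value, decode_base64(value)):
            host = http_host(candidate) if candidate else None
            if host and not any(host == t or host.endswith("." + t) for t in trusted):
                flagged.append((name, candidate))
    return flagged

# Constructed links: host, path and parameter names are placeholders.
# Only the base64 value is taken from the thread.
SUSPECT = "https://www.isp.example/learn/signin?lang=en&continue=aHR0cHM6Ly9mZWVsbGl4cy5jb20vP2Jz"
BENIGN = "https://www.isp.example/learn/signin?continue=https%3A%2F%2Fhelp.isp.example%2Fbilling"

if __name__ == "__main__":
    for link in (SUSPECT, BENIGN):
        print(link, "->", off_site_redirects(link, ("isp.example",)))
```

The same host comparison, applied server-side to the return parameter before issuing the redirect, is what closes an open redirect of this kind.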
|
Thanks for that information. I wasn't sure how it worked.
The difficult we do right away...
...the impossible takes slightly longer.
|
I see an enormous number of jobs asking for full stack developers.
Is that their way of saying that the developer will be asked to produce more than one person possibly can?
It seems to me so because I think companies want to save on IT costs.
The difficult we do right away...
...the impossible takes slightly longer.
|
A full stack is just one step away from stack overflow, so it's their way of saying that they are looking for cheap developers that can barely ask a question online.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
|
Meow!
Accurate, but ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Since you seem to understand what he meant, could you explain it to me?
The difficult we do right away...
...the impossible takes slightly longer.
|
Now you scare me. Shirley you know how a stack works and what a stack overflow is?
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
|
Yes I do. But Griff's response makes it sound like your response was some kind of slap down. Was it?
The difficult we do right away...
...the impossible takes slightly longer.
|
Too many "coders" describe themselves as "full stack developers" (heck as "developers"!) despite their only apparent ability being to find some code on SO, hit it with a hammer, apply some sticky tape, and proclaim it as "self written" "good code" by a "L33t uber coderz".
Pop over to QA and you'll find enough of 'em.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Oh, OK. I guess it was just his phrasing that I didn't understand. I had no idea what he meant.
The difficult we do right away...
...the impossible takes slightly longer.
|
A full stack is literally just one byte short of a stack overflow error/exception or a nice program crash when it goes undetected. It's also the moment that some helpless kid runs to the stack overflow website and asks confused questions.
It's actually not the kids who I blame for this. They are only the symptom, caused by idiots who teach them that they must not care about what's going on under the hood because some OS/compiler or the ancestor programmers' spirits take care of it much better than they possibly ever could.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
|
Thank you for the explanation. Internet posts lack a bit of context and can sometimes lead to confusion.
The difficult we do right away...
...the impossible takes slightly longer.
|
Isn’t that a cook at Denny’s or IHOP?
If you can't laugh at yourself - ask me and I will do it for you.
modified 29-Aug-20 19:07pm.
|
The difficult we do right away...
...the impossible takes slightly longer.
|
Quote: Is that their way of saying that the developer will be asked to produce more than one person possibly can?
Yes and no... but from my point of view it makes sense.
a.) Small companies
Yes, please one developer should do the whole job
b.) Bigger companies (who can afford three developers)
In case all of them are 'full stack' it is very comfortable. Means:
- No big discussions/explanations necessary at stack boundaries
- No big problem to exchange them to do different jobs on the stack.
Only my thoughts
It does not solve my Problem, but it answers my question
Chemists have exactly one rule: there are only exceptions
modified 19-Jan-21 21:04pm.
|
Probably just copying a buzzword, but ideally, seeking a developer who will take responsibility for the whole application, not say "that's not my job".
Or maybe seeking a scapegoat for a project which has already collapsed under its own weight.
|
That means you need to know front end, back end, database and whatever else is out there in the universe. All those "wonderful/you must know/must have" frameworks, libraries, databases, linters, pre processors, anything that sounds like some animal or demi god you should know. Microservices, Event Streaming, Cloud, Zookeeper, Hive, Pig, Kafka, SQL, No-SQL, ES6, React, React Native, Angular, Jest, Jasmine, the list goes on and on. These days you can make up a word and there is a language or library with that name you can find in this wonderful universe we live in. Your years of experience are nothing if you don't know the buzzword of the day. It is painful and we the citizens of this universe are the ones who keep creating new things with obscure names and solutions in search of problems. Resistance is futile as new devs are led to believe you must use all those things or you are not an actual developer.
Zen and the art of software maintenance : rm -rf *
Maths is like love : a simple idea but it can get complicated.
|
Richard Andrew x64 wrote: Is that their way of saying that the developer will be asked to produce more than one person possibly can?
Seems so. What you will hear: "You own from start to end. Start thinking as an engineer and not just a developer".
Richard Andrew x64 wrote: I see an enormous number of jobs asking for full stack Engineers developers.
FTFY
Now, along with development, the expectations are to do:
1. QA work
2. Ops work
This movement is shared as 'Shift Left' journey.