Month: February 2020

  • The Sad Case of the ccTLD, the CSP, and the Wildcard

    Content-Security-Policy. Make it tight. Google, allow it to reference your images so they show in the search box. Wildcards. You can specify the left-side (*.domain) but not the right side (domain.*). OK, lets look up the list of google domains. I’ll let you Bing that. The answer is here. Huh. That is a lot. […]

  • My content-security-policy has blocked more malicious ads

    I see a lot of entries for (purposely not linked) in my Content-Security-Policy logs. These are folks who have some malware installed on their desktop, when they surf to my blog, they get redirected and advertising injected. Except that my CSP forbids this (since I don’t allow them img-src or script-src permission). I wrote […]

  • Voice mail security?

    Something interesting / disturbing just happened to me. I was trying out my new bluetooth headset to make sure it supported aptX and would pair to two devices. So, while watching a youtube video, i used skype to dial my phone. Oddly, I got a high-fidelity playback of my voice mail (ironically a bunch of […]