techviator

techviator, 10 months ago

I’m in the same boat! I have tried, really tried, the only things I like are the extensions support on mobile browser, and the sync with the Wolvic on the Quest VR, but it feels old and some websites render weirdly on it, plus the lack of support for PWAs really make it tough.

I like Brave best, with Edge as a second choice, as weird as that sounds. I miss Firefox when it was the modern and most secure browser.

techviator, 10 months ago

cnames do not point to IP address, they point to a resource on another domain, in this case azureresource.azure.-com for example.

Say you have a temporary webpage called flashsale.example.-com you created a cname pointing that subdomain to an azure resource that shows your desired content. Then you remove the azure resource, but leave the cname in place.

If a create another azure resouce with whatever public azure url you used before, and I make it look like your current website, say I impersonate your current login.example.-com on that azure resource, now your cname flashsale.example.-com os pointing to it, but you don't control the azure resource now, I do.

Now I can try to phish your customers by sending emails with real links, like: Dear customer, your account will be charged $900 for your last purchase, if this purchase was made in error or was not authorized by you, sign in to flashsale.example.-com immediately to cancel it. And now I have your customer's credentials.

And that is just one example, there are many more ways to exploit an orphaned cname subdomain, like using it to serve malware, using it to control bots without being blacklisted, etc.

techviator, 10 months ago

I don't share (or like) anything that I don't want made public, so I don't mind who follows my profiles on social media. But some people would rather keep a lower profile or be more selective of who can interact with them, so it's better to have the option available.