Sunday Links: Hackers, Hot Dogs and Rhinos

A scary story, a funny video and an interesting photo for your Sunday afternoon pleasure.

Scary story.
A Hackernoon contributor writes a very plausible story about how a bad actor might go about injecting password- and credit-card-stealing code into any number of websites, in a way that would be extremely hard to detect. Spoiler alert: It relies on NPM.

Looking back on these golden years, I can’t believe people spend so much time messing around with cross-site scripting to get code into a single site. It’s so easy to ship malicious code to thousands of websites, with a little help from my web developer friends.

I’m harvesting credit card numbers and passwords from your site. Here’s how. by David Gilbertson.

Video.

I’m not really into prank videos, but this one is supremely funny and so innocent.

Picture.

Elasmotherium

A giant unicorn rhinoceros named Elasmotherium roamed the plains of Siberia 29,000 years ago. In many ways, I find these prehistoric animals much more interesting than dinosaurs. (I couldn’t track down the original source of this photo, unfortunately.)

Links for Today: Passwords

Today I am reviving an old blogging tradition of posting some interesting or useful links with little or no context. Today’s topic: Passwords.

4 fatal flaws in deterministic password managers
Sync-less password managers are trending again; Tony Arcieri breaks down some reasons why they suck.

NIST’s New Password Rules
For developers: I pulled this article from the link above. There are a few counterintuitive suggestions in this doc.

TLDR – Just use 4 easy-to-remember words