Having special characters is a good idea but having a comma just to break a CSV is dumb. This would only happen if the hacker used a bad exporter or created their own (very poorly).
AFAIK it's only "ambiguous" in the sense that if you get a csv file you can't determine the exact parsing behavior to use, but if you know what program created the csv (or what encoder options were used), it's not ambiguous to parse.
>but things get really hairy really fast when you start adding types or BLOBs in the CSV.
AFAIK BLOBs are hex encoded, which make them a non issue.
One behaves differently when driving, and be mindful of 360 degrees, checking the mirrors every 5-10 seconds, etc. But if one has a wall of screens, perhaps in the long run they may be able to convert the 2d (wall of monitors) to the 3d (360/surroundings) and sense it accordingly.
Lag/downtime/tunnels/etc. would kill, and should be flawless.
There are only 2 ways for some "bad actor" to do this sort of MITM (man in the middle).
1) Illegally tap into a node on the internet backbone. The only cases I've heard of where this has actually occurred involved either corrupt ISPs or governments in dictatorial or 3rd world countries. If government is involved, all bets are off.
2) Inject software inside your local computer or network. In which case, all bets are off once again. Once inside your network, these "bad actors" would presumably have full access to the SSL/TLS handshake process as well and thus be able to decrypt traffic as they see fit.
Bottom line: The case for HTTPS everywhere is weak and is mostly about perception created by 3rd parties (like Google) with a vested interest.
- route throttling to something high since if they are new users they shouldn't need to hit that form more than once
- don't let the end user know that you were able to send an email. Keep it vague like "if your email exists, you should receive an email soon."
- don't use a personal email server; something like sendgrid can give you a server that is in good/neutral standing
- if you have to handle your own emails, keep up with any bounce backs and always keep an eye your server being on any blacklists to get it cleared out as soon as possible
- honeypots can be useful if the spammer(s) isn't keeping a close eye on their scripts
> don't let the end user know that you were able to send an email.
I need to stress this is a very important point. If you happen to state the email they entered already exists in the system, the attacker now knows that is a valid account then use a known password linked to that email to gain access.
If you don't want someone/something from seeing your content, don't put it on the internet but if that isn't enough:
- add a disallow in your robots.txt (many people say the bots ignore this anyways)
- somehow have your pages so far down in SEO rankings that bots would deem it incorrect/irreverent
- put your content behind a login; this too has it's issues since the bot handler can just get some login credentials to crawl anyways or a user can copy the content elsewhere
- you could also try gaming the system by making your content so offensive that the current AI censorship fad blocks it
- you could try not linking a domain name to the IP, making it harder to find
- sue any AI developer that you think crawled your content
>you could also try gaming the system by making your content so offensive that the current AI censorship fad blocks it
-
recall the /. comment bombs against eschelon in the day whereby they had a signature statement that said all the key-words the pre-snowden-leak folks (myself included) wiould trigger eschelon...
There are a vast number of new keywords, in the AI time-loop, which are really bad to include - but maybe a logic bomb of sorts on AI based on woke triggering is in order...
a signatory paragraph of such words as the F, the N, C, the other F, any pronoun BS, etc... and get AI to be offended based on their requirements to be WOKE in their results...
"Uncaught SyntaxError: missing ) after argument list"