Enforcing and encouraging online standards such as XHTML, CSS, JavaScript.
This was once a service to aid webmasters with SEO, to claim a website you had to add content to your HTML. While Alexa still provides this service as a subscription, the use of the META tag is no longer required as support was dropped in May 2016!
<meta name="alexaVerifyID" content="your-verification-id-here" />
This was a browser feature that was relatively unknown until recently when several browsers announced that they would be removing support. It is useful to track instances when a user clicks on a link, as it could be recorded by the server for analysis of user activity. As it was done out-of-bounds, there was no additional code, such as javascript, required on the client-side for this to occur.
<a href="..." ping="https://example.com/pingreporter">Example link</a>
References:
The download attribute allows for the downloaded filename to be specified to be something different than the name in the url.
This is available only on the A tag when an href attribute is already specified and works similarly to setting the header as:
Content-Disposition: attachment; filename="filename.pdf"
NOTE: this is not currently available in IE, Edge(prior to 13) or IOS Safari.
References:
Silverlight was a browser extension that was backed by Microsoft’s .NET product on many platforms, it provided media capabilities similar to Macromedia/Adobe Flash. Similar to Flash, it has had it’s own share of security problems over the years.
Introduced in 2007 and currently in a deprecated state. Once supported on Windows XP (IE6) to Windows 10 (IE11), MacOS and Ubuntu. Now only supported in MSIE. Edge never provided support. Modern versions of Chrome, Firefox, Safari, and Opera no longer support.
HTML Markup example:
<object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%"> <param name="source" value="MySilverLightControl.xap"/> </object>
REFERENCES:
https://en.wikipedia.org/wiki/Microsoft_Silverlight
As of April 11, 2017, Windows Vista customers are no longer receiving new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Microsoft has provided support for Windows Vista for the past 10 years
https://support.microsoft.com/en-us/help/22882/windows-vista-end-of-support
The most recent version of Internet Explorer in Windows Vista was IE 9.0.8112.16421 (9.0.57)
Even Apple, Google and Mozilla Firefox have ceased to maintain browsers for this operating system, dropping support for Windows XP and Vista at the same time.
Chrome 49.0.2623.112
https://chrome.googleblog.com/2015/11/updates-to-chrome-platform-support.html
Firefox 52.9.0 ESR
https://support.mozilla.org/en-US/kb/end-support-windows-xp-and-vista
Safari 5.1.7
https://apple.stackexchange.com/questions/68836/where-can-i-download-safari-for-windows
I recently crossed paths with a customer that was still using Windows XP and experiencing problems with a website. This led me to evaluate their options for continuing to use this once very common, but now unsupported operating system.
After 12 years, support for Windows XP ended April 8, 2014. Microsoft will no longer provide security updates or technical support.
https://www.microsoft.com/en-us/windowsforbusiness/end-of-xp-support
The most recent version of Internet Explorer in Windows XP was IE 8.0.6001.18702
Even Apple, Google and Mozilla Firefox have ceased to maintain browsers for this operating system, dropping support for Windows XP and Vista at the same time.
Chrome 49.0.2623.112
https://chrome.googleblog.com/2015/11/updates-to-chrome-platform-support.html
Firefox 52.9.0 ESR
https://support.mozilla.org/en-US/kb/end-support-windows-xp-and-vista
Safari 5.1.7
https://apple.stackexchange.com/questions/68836/where-can-i-download-safari-for-windows
An additional problem with use of IE8 on Windows XP is that it only supports up to TLS1.0 which is currently being replaced by TLS1.2 in many web applications.
A few months ago, Cloudflare revealed their public DNS server, and I’ve been pleased so far. In addition to performance, Cloudflare claims to be investing heavily in security of DNS. The top competitors in this field already being Cisco’s OpenDNS and Google. As these are all global players, they will (in most cases) have better speed and reliability than those of your local ISP.
Changing these for your entire network generally involves the administrative features/config of your gateway, modem or router. If you are familiar with this, the change should take just a minute or two.
If you are looking for some content filtering at the DNS level, OpenDNS still presents the easiest option for home users and also provides logs.
Cloudflare DNS:
IPv4: 1.1.1.1
IPv4: 1.0.0.1
IPv6: 2606:4700:4700::1111
IPv6: 2606:4700:4700::1001
(Cisco) OpenDNS:
IPv4: 208.67.222.222
IPv4: 208.67.220.220
IPv6: 0000:0000:0000:0000:0000:ffff:d043:dede
IPv6: 0000:0000:0000:0000:0000:ffff:d043:dcdc
Google Public DNS:
IPv4: 8.8.8.8
IPv4: 4.4.4.4
IPv6: 2001:4860:4860::8888
IPv6: 2001:4860:4860::8844
REFERENCES:
Many years ago, when HTML3 and 4 were still widely used in the mid to late 1990s, it was a common practice to place HTML style comments, or in some cases CDATA comments inside the SCRIPT tag in an attempt to hide that content from browsers that could not process it. In those browsers the content (javascript source code) would sometimes be displayed on the page, making it quite a mess.
This practice is now obsolete, and often problematic as there are very few of those browsers in use today – primarily only for testing of legacy functionality.
Example of old approach
<script type="text/javascript">
<--
// some script
-->
</script>
NOTE: for XHTML or XML documents, the use of a CDATA style comment is still required.
<script type=”text/javascript”>
//<![CDATA[
…code…
//]]>
</script>
REFERENCES:
If you have already started using HSTS to force users to your HTTPS website, the use of ‘preload’ is another simple addition as it only requires the addition of the keyword to the header.
Once done, you can either wait for your site to be identified (which can take a long time, or forever for less popular websites) or ideally, submit your hostname to be added to the lists preloaded in many modern browsers. The advantage here is that your users will never make a single request to your HTTP website and will automatically be directed to HTTPS.
An HTTP Header example:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Apache2 configuration example:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
REFERENCES:
While having history available with the simple use of the up arrow is a convenience feature common to most linux builds it can come with some risk. One such risk is when you have inadvertently typed a password instead of a command, or had to pipe credentials into a command.
Thankfully, you can clear the entire history with a variety of methods, the most common are below but others are available in the references.
history -c && history -w
cat /dev/null > ~/.bash_history && history -c && exit
REFERENCES: