Text message clickbait attack from g4svc.info [closed]

Recently I received a text message like this:

“xxx, we’re trying to get a hold of you about your Costco receipt UUIB-LPZ. Please claim your overcharge reimbursement here g4svc.info/6Jp1UwFdf.”

Apparently it’s a scam, but I just want to dig deeper to see what kind of attack it is. Is it just a clickbait? Or maybe it contains some JavaScript that executes instantly when I clicked on the link?

However, when I try to access it again from my laptop to analyze the source code, this link is no longer valid. It’s not like that I want to attack this server, but I really want to understand how this kind of server’s architecture works, and what kind of attack this is.

My guess is that this server keeps generating random mapping path and send to victims, whenever a URL is clicked, the server will redirect the user to the actual clickbait page, and clean up the original URL so most of the time it won’t be recorded and reported.

Kafka source code on github and from the apache website is missing the “org.apache.kafka.common.message.” package? [closed]

I tried downloading the source code of Kafka from Github as well as from Apache’s website. I found that both the sources were missing the “org.apache.kafka.common.message.” package. Can anybody kindly let me know why this might be the case.

Kindly note that I had downloaded the source of “AK RELEASE 2.5.0” from Apache’s website. Similarly I used “trunk” branch from the current github repository for kafka.

How to “trust” data that is posted from one application to other

We have a use case where a bunch of data needs to be posted from our application to a partner site where the end user takes some actions and then returns back to our site. On the return, the partner site also posts some data back to us. We need to establish trust for both the redirects.. i.e. the partner site needs to confirm that the data is originated at our end and hasn’t been modified during the transmission nd the same applies for post back from partner site. Our main constraint is that it should be a low cost solution for our partners. Our application is a multi-tenanted app with various partners (dozens). The usecase is applicable for all of them.

One option we looked at is a two step process, where our site posts a unique transaction id to the partner site which then calls a webservice hosted by us to get the complete data. We can secure our webservice using 2-way SSL auth and same goes for the data from the partner site. But the problem with the extra cost involved in creating a webservice at each partner end. This would delay the onboarding of a new partner and increase the cost.

Are there other alternatives to this problem than the PKI based solution?

Upgrading from D&D Adventure System to a full D&D Campaign

Me and my gaming group recently decided to try Role-playing as it’s something that isn’t offered by any of the local gaming groups / stores. Since the popular hobby around here is miniature war-gaming, our group has been playing smaller and smaller games of Warhammer 40,000, trying to get as close to roleplaying elements as possible, until we decided to just bite the bullet and try something character based. We decided to try out Dungeons & Dragons, so picked up the latest game, Temple of Elemental Evil. We figured since it uses miniatures, it should be less of a shock to local players used to war-gaming.

Problem is, when we started playing we realised that Level 2 is as high as you can go, there’s no equipment and Experience isn’t even used for the one level-up that you do get (It’s bought with 1,000 gold). There’s no real character progression, stat customisation or roleplaying elements. There are Character Sheets in the box, but they’re not actually used at all by the game (they’re for D&D: Encounters, whatever that is). We have a 5th Edition Starter Set, but that’s all Pen & Paper, which none of the local groups are willing to play. The whole thing has just left the entire group completely confused as to how to get started and we can’t find any resources able to help us out.

So my question is, is there any way that people picking up a D&D Adventure System Board Game can upgrade to a full Dungeons & Dragons game? Assuming that there is no “Advanced D&D Adventure Systems Rules” that keeps the same game elements, but introduces character development:

  • Is there any way of using the boards and/or miniatures from Temple of Elemental Evil to play a real Dungeons & Dragons Campaign?
  • If so, how does a group get started with this?
  • Is there anything that a group moving from D&D Adventure Systems need to be aware of before starting Dungeons & Dragons?
  • Are there any tips you guys can give as to how make a smooth transition from D&D Adventure Systems to D&D 5th Edition (or what ever D&D System is most suitable)

Thank you all for your time, literally any information or links to resources on this would be greatly appreciated.

How do the damage rules from blogofholding’s “5e monster manual on a business card” work?


5e monster manual on a business card

Damage: This is the damage budget for all the monster’s attacks. Limited-use (daily, recharge, or situational) attacks do 4x the damage budgeted. Multi-target attacks do ½ the damage budgeted. Limited-use multi-target attacks do 2x. All other damage sources are 1 for 1, including at-will and legendary single-target attacks, auras, reactions, and variable-length effects like Swallow. If a monster has several at-will options (such as melee and ranged), the lower-damage options are free.

The example stat block that the author uses to illustrate these rules involves a low-level creature that can only make a single attack per round, and in this situation the rules seem to work out. I’m having more trouble figuring out how the rules work when you start throwing multiattack into the mix or when you get into the higher levels with powerful creatures that have legendary actions, for instance.

The Monster Manual lists the Adult Red Dragon as a CR 17 creature. According to the blog’s rules, this would give it a damage budget of 85. The dragon’s fire breath is a limited-use, multi-target attack that deals an average of 63 points of damage to those who fail their saves, so as per the rules this should use up 31 out of the 85 budget, leaving 54.

The legendary Wing Attack also falls into this category and so should use up 7 more of the budget, leaving 47.

The blog’s rules indicate that only the most powerful at-will attack, which is a 1 for 1 on the budget cost, requires any budget, which means that the Bite attack eats up the 26 of the remaining budget, leaving 21.

Is this correct? Does the fact that the dragon has multiattack come into play in the budget calculations? Or is it that the dragon is a powerful creature and thus based on “concept” it should be up to 50% higher on the damage budget? In this case, we’re looking at a budget of up to 127, and then it seems like accounting for every attack available works out: 31 for the breath weapon, 7 for the wing attack, 26 for the bite, 15 x 2 for the claws, 17 for the tail, for a total of 111.

Is running bash script that is taking arguments from site dialog box a good idea?

I’m building a site that will use youtubeAPI to keep track of playlist changes. In order for 3rd party to use it I would supply a dialog box in which user would type his/hers playlistID – this would be read and then put as an argument into bash script that in turn runs curl/python scripts to connect with API (ran on my machine) and another bash script that would mkdirs on my disk.

Does this potentially endanger me/my files somehow ? Can someone input some magic command that would do “rm * -f” or similar malicious endeavor ? Should I use some external server instead of my machine ?

I know nothing about security, Ive read few topics here but didnt find similar problem.