Posts

Showing posts from 2021

Freelancer.com has turned into a scam site

How I got scammed 3 times by Freelancer.com

Freelancer.com, the most popular platform for freelancing, has now turned into a scam machine. I am not talking about employers/freelancers running away; instead, the staff of freelancer.com is involved. I have recently lost $600 and I will explain how (the points I mention below have happened to me 3 times in the last 1 year):

- Project awarded -> milestones paid (let's say $300) -> everything good; I withdraw my money after a few days.
- Suddenly in the morning I see that $300 are locked from my account, mentioning security reasons.
- I contact freelancer.com support; they say that the employer you worked for has some problem in their account verification and we have asked them to verify, so your amount will be unlocked once they are verified.
- I wait 3–4 days. No updates.
- My employer mentioned that they have submitted the required information and support has given them 48 hours to resolve the issue.
- I contact support again and they say that your emp

Protecting APIs against Replay Attack

Replay attacks are very popular against public APIs.

What is a replay attack?

A replay attack is when an attacker intercepts a valid HTTP request to your API and then replays the same request again and again, tricking your API into thinking that it is a valid HTTP request coming from your user.

Protection

Here is a very simple method that I use to protect my APIs from replay attacks.

Client side steps

1. Generate a unique token on the server for the device when the app is used for the first time, or, if the app requires login, generate the token on successful login.
2. Whenever the app makes a call to the server it adds the following in HTTP headers:
   - Token
   - A 128-character-long random value (call it Random1)
   - The current Unix timestamp of the device
   - SHA256 of "Token+|||+Random1+|||+Timestamp" (call this result Random2)

Server side steps

When an HTTP request is received by any API it takes the following steps to verify the validity of the request:

1. Check if Token is a valid token that exists in the database (you can implement expiry mec