mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-04-27 14:16:20 -04:00

linked images produced invalid HTML, fix later

This commit is contained in:
Jake Jarvis 2019-12-21 11:59:43 -05:00
parent 6ae5aeb3e3
commit 762a82b3cb
Signed by: jake
GPG Key ID: 2B0C9CF251E69A39
5 changed files with 6 additions and 6 deletions

View File

@ -60,11 +60,11 @@ Others have noted that web-based organizing tools like BERN have been used by ca
But the latter category of databases — like [NationBuilder](https://nationbuilder.com/) and, more notably, [NGP VAN's VoteBuilder](https://act.ngpvan.com/votebuilder) software based on the Obama campaign's inventions and now used by almost all Democratic campaigns across the United States — are secured and strictly guarded. Volunteer accounts need to be created and approved by paid campaign organizers and are locked down to provide the bare minimum amount of information necessary for one to canvass or phone bank a shortlist of voters. Every single click is also recorded in a [detailed log](sanders-campaign-audit.pdf) down to the millisecond. (This is how [Bernie's organizers got busted](http://time.com/4155185/bernie-sanders-hillary-clinton-data/) snooping around Hillary's VoteBuilder data last cycle, by the way.)
[{{< image src="images/votebuilder-audit.png" width="750" >}}[NGP VAN's audit of the Sanders campaign's VoteBuilder activity](sanders-campaign-audit.pdf){{< /image >}}](sanders-campaign-audit.pdf)
{{< image src="images/votebuilder-audit.png" width="750" >}}[NGP VAN's audit of the Sanders campaign's VoteBuilder activity](sanders-campaign-audit.pdf){{< /image >}}
BERN is taking this to an unprecedented level. Allowing anybody on the internet to sign up and add others' personal information to the campaign's database without their knowledge is troubling, especially when you consider the gamified "points" system they've added as an incentive to report as much information on as many people as possible.
[{{< image src="images/reddit-bros.png" width="600" alt="Reddit comments on BERN" />}}](https://www.reddit.com/r/SandersForPresident/comments/bi15la/new_get_the_official_bernie_sanders_2020_app_bern/elxi85m/)
{{< image src="images/reddit-bros.png" width="600" alt="Reddit comments on BERN">}}[BERN discussion on /r/SandersForPresident thread](https://www.reddit.com/r/SandersForPresident/comments/bi15la/new_get_the_official_bernie_sanders_2020_app_bern/elxi85m/){{< /image >}}
In addition to the points system, it was revealed in the webinar mentioned above that the campaign is planning on giving out shiny rewards based on how many friends one adds, setting expectations at 50+ contacts to reach the "Bernie Super Bundler" tierwhatever that means.
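Review bot: dropping the outer `[...](sanders-campaign-audit.pdf)` wrapper around the first `{{< image >}}` shortcode loses nothing here, because the caption inside the shortcode already links to `sanders-campaign-audit.pdf`; the second image in this hunk is a different case, since the removed wrapper pointed at the Reddit thread and the new caption now carries that link instead, so please confirm the caption text "BERN discussion on /r/SandersForPresident thread" renders as a link and not as plain text. Note also that the removed line used a self-closing `/>}}` form while the replacement switches to the paired `{{< image >}}...{{< /image >}}` form; keeping one form across the site would make the "fix later" follow-up easier to find with a single grep.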

View File

@ -16,7 +16,7 @@ A **subdomain takeover** occurs when a subdomain (like *example*.jarv.is) points
Not only are takeovers a fun way to dip your toes into [penetration testing](https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/), but they can also be incredibly lucrative thanks to [bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) on services like [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover) and [Bugcrowd](https://bugcrowd.com/programs), where corporations pay pentesters for their discoveries.
[{{< image src="images/hackerone-2.png" width="620" >}}[Huge rewards for subdomain takeovers on HackerOne.](https://hackerone.com/hacktivity?querystring=subdomain%20takeover){{< /image >}}](https://hackerone.com/hacktivity?querystring=subdomain%20takeover)
{{< image src="images/hackerone-2.png" width="620" >}}[Huge rewards for subdomain takeovers on HackerOne.](https://hackerone.com/hacktivity?querystring=subdomain%20takeover){{< /image >}}
For a deep dive on the implications of takeovers, which can be a pretty serious vector of attack for malicious actors to obtain information from users of the targeted company, [Patrik Hudak](https://twitter.com/0xpatrik) wrote a [great post here](https://0xpatrik.com/subdomain-takeover/). Definitely take some time to skim through it and come back here when you're ready to hunt for a potential takeover yourself.
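Review bot: the HackerOne link survives in the caption, so removing the outer wrapper is safe for navigation; the only thing worth flagging is that the caption URL (`?querystring=subdomain%20takeover`) differs from the one used in the body paragraph above (`?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover`), so the two links land on differently sorted result pages. Not introduced by this change, but while touching the line it would be cheap to make them consistent.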

View File

@ -13,7 +13,7 @@ draft: false
---
[{{< image src="images/netscape.png" alt="Awesome First Code on GitHub" />}}](https://github.com/jakejarvis/awesome-first-code)
{{< image src="images/netscape.png" alt="Awesome First Code on GitHub" />}}
{{< image src="images/badges.png" width="537" alt="Code Quality: A for effort" />}}
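Review bot: unlike the other hunks in this commit, this one drops a link outright: the removed line wrapped the image in `[...](https://github.com/jakejarvis/awesome-first-code)`, and the replacement `{{< image src="images/netscape.png" alt="Awesome First Code on GitHub" />}}` has neither an outer link nor a caption link. Unless the repository is linked elsewhere in the body, readers lose the only path to it; the simplest fix that keeps the HTML valid is to move the URL into a caption, as the other hunks do, e.g. `{{< image src="images/netscape.png" alt="Awesome First Code on GitHub" >}}[Awesome First Code on GitHub](https://github.com/jakejarvis/awesome-first-code){{< /image >}}`.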

View File

@ -13,7 +13,7 @@ draft: false
---
[{{< image src="images/security-headers.png" width="700" >}}An [A+ security grade](https://securityheaders.com/?q=jarv.is&amp;followRedirects=on) for this website!{{< /image >}}](https://securityheaders.com/?q=jarv.is&amp;followRedirects=on)
{{< image src="images/security-headers.png" width="700" >}}An [A+ security grade](https://securityheaders.com/?q=jarv.is&amp;followRedirects=on) for this website!{{< /image >}}
In 2019, it's becoming more and more important to harden websites via HTTP response headers, which all modern browsers parse and enforce. Multiple standards have been introduced over the past few years to protect users from various attack vectors, including `Content-Security-Policy` for injection protection, `Strict-Transport-Security` for HTTPS enforcement, `X-XSS-Protection` for cross-site scripting prevention, `X-Content-Type-Options` to enforce correct MIME types, `Referrer-Policy` to limit information sent with external links, [and many, many more](https://www.netsparker.com/whitepaper-http-security-headers/).
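Review bot: the securityheaders.com link is preserved in the caption text ("An [A+ security grade](...) for this website!"), so the wrapper removal is a no-op for readers. One thing to check while here: the link destination is written as `https://securityheaders.com/?q=jarv.is&amp;followRedirects=on` with an HTML entity rather than a bare `&`; CommonMark decodes entities in link destinations, so it should resolve to `&` in the rendered `href`, but it is worth verifying in the built page that the `followRedirects` parameter actually reaches the scanner rather than being sent as `&amp;followRedirects=on`.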

View File

@ -18,7 +18,7 @@ draft: false
Over time, I've collected an assortment of interesting, funny, and depressing search queries to plug into [Shodan](https://www.shodan.io/), the ([literal](https://www.vice.com/en_uk/article/9bvxmd/shodan-exposes-the-dark-side-of-the-net)) internet search engine. Some return facepalm-inducing results, while others return serious and/or ancient vulnerabilities in the wild.
[{{< image src="images/shodan.png" >}}[**Most search filters require a Shodan account.**](https://account.shodan.io/register){{< /image >}}](https://account.shodan.io/register)
{{< image src="images/shodan.png" >}}[**Most search filters require a Shodan account.**](https://account.shodan.io/register){{< /image >}}
You can assume these queries only return unsecured/open instances when possible. For your own legal benefit, do not attempt to login (even with default passwords) if they aren't! Narrow down results by adding filters like `country:US` or `org:"Harvard University"` or `hostname:"nasa.gov"` to the end.
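Review bot: same pattern as the earlier hunks and equally safe: the caption already links to `https://account.shodan.io/register` in bold, so removing the outer `[...](...)` wrapper only drops the redundant link around the image. Since the commit message says "fix later", it would help to record in the message or a TODO what the intended final form is (caption links everywhere, or a shortcode parameter such as a link attribute), so the five files edited here do not drift apart when the proper fix lands.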