Any Experience with "Glock Pistol Shop?"

[Sig_Fiend]

Just speaking generally since I know nothing about the site above.

One thing to keep in mind on internet security. If you have personal info (login, address, CC, etc.) stored in your browser, it can potentially be captured without submitting anything. This is the downside of many browser "convenience" features...

A webpage can be setup to take advantage of autocomplete and automatically push that data externally without you even submitting a form. Merely hitting a webpage that's setup in a malicious way is sometimes enough to do it.

I'd always recommend disabling autocomplete on your browser/device and never store any private info on it. Accept the inconvenience of spending the extra minute having to type in your info and it'll go a long way towards reducing certain security risks.

[Rocky Racoon]

Just speaking generally since I know nothing about the site above.

One thing to keep in mind on internet security. If you have personal info (login, address, CC, etc.) stored in your browser, it can potentially be captured without submitting anything. This is the downside of many browser "convenience" features...

A webpage can be setup to take advantage of autocomplete and automatically push that data externally without you even submitting a form. Merely hitting a webpage that's setup in a malicious way is sometimes enough to do it.

I'd always recommend disabling autocomplete on your browser/device and never store any private info on it. Accept the inconvenience of spending the extra minute having to type in your info and it'll go a long way towards reducing certain security risks.

This would seem to be such a egregious security vulnerability that Chrome and Edge would have fixed it immediately. Got a source for this?

[HCM]

They appear to show a pistol I want in stock when most places don't. So I start researching them, and they show a physical address in SF, CA. But they are listing Gen 4 Glocks, as well as Glocks with 17rd mags, etc. Maybe I misunderstood, but I thought Kalifornia doesn't allow such things.

https://shopglockspistols.com/contact/

Just wanted to see if anyone is familiar with them and what kind of experiences y'all had. Thanks!

While this particular site appears to be a scam, licensed dealers in CA can have off roster guns and high cap mags for sale to LE or for sale out of state.

Some CA based dealers like Botach etc sell such items and simply drop ship them from out of state locations. I believe some WA state online dealers are going to a similar model due to WA states recent legal changes.

[Sig_Fiend]

This would seem to be such a egregious security vulnerability that Chrome and Edge would have fixed it immediately. Got a source for this?

This gets really technical and hard to follow, because the ways features like stored user data and autocomplete can be exploited are numerous. Here's a few links to help paint the picture:

https://www.beringer.net/beringerblog/passwordautofill/ (simple higher level view of a few issues)
https://www.gosecure.net/blog/2022/0...scripting-xss/ (vulnerabilities via cross site scripting)
https://www.invicti.com/blog/web-sec...-web-security/ (inconsistencies between browsers)
https://usa.kaspersky.com/blog/brows...a-theft/18369/ (vulnerabilities via malware infection)
https://www.cs.uic.edu/~polakis/clas...fill-ccs20.pdf (novel attack without the user using autofill)

Some of the examples in the links above may have been patched by some browser vendors. The vendors all continuously work on this stuff because the angles of attack are near limitless. New vulnerabilities are also continuous.

The more a person learns of this stuff, the easier it is to become paranoid and minimalist because of it.

[Rocky Racoon]

This gets really technical and hard to follow, because the ways features like stored user data and autocomplete can be exploited are numerous. Here's a few links to help paint the picture:

https://www.beringer.net/beringerblog/passwordautofill/ (simple higher level view of a few issues)
https://www.gosecure.net/blog/2022/0...scripting-xss/ (vulnerabilities via cross site scripting)
https://www.invicti.com/blog/web-sec...-web-security/ (inconsistencies between browsers)
https://usa.kaspersky.com/blog/brows...a-theft/18369/ (vulnerabilities via malware infection)
https://www.cs.uic.edu/~polakis/clas...fill-ccs20.pdf (novel attack without the user using autofill)

Some of the examples in the links above may have been patched by some browser vendors. The vendors all continuously work on this stuff because the angles of attack are near limitless. New vulnerabilities are also continuous.

The more a person learns of this stuff, the easier it is to become paranoid and minimalist because of it.

Thank you. Over my head so I will just take your advice and turn off auto fill.