|
you pay 10k damages for pirating the game. the game developers go to jail for several years
|
# ? Feb 21, 2018 12:48 |
|
Wheany posted:
you pay 10k damages for pirating the game. the game developers go to jail for several years

Pay money to nominate someone to be jailed, they have to outbid you to stay free. Stay free America! Capitalism, now rise for the national anthem!
|
# ? Feb 21, 2018 13:05 |
|
why would it even be an option not to have authentication on something like that?
|
# ? Feb 21, 2018 15:31 |
|
https://github.com/maxchehab/CSS-Keylogging
|
# ? Feb 21, 2018 15:33 |
|
it got posted here already and it's real cute idk why this is presented as a chrome plugin though that's weird
|
# ? Feb 21, 2018 15:52 |
|
ate all the Oreos posted:
it got posted here already and it's real cute

its so it can be a self contained demo, doing it on the other browsers requires an external server
|
# ? Feb 21, 2018 16:53 |
|
Shaggar posted:why would it even be an option not to have authentication on something like that?
|
# ? Feb 21, 2018 21:02 |
|
meanwhile in the grey thread there's an idiot defending the password stealer drm
|
# ? Feb 21, 2018 21:13 |
|
anthonypants posted:meanwhile in the grey thread there's an idiot
|
# ? Feb 21, 2018 21:15 |
|
anthonypants posted:
meanwhile in the grey thread there's an idiot defending the password stealer drm

Reads like less defending and more "yeah but other things could be bad!" Which is even more annoying.
|
# ? Feb 21, 2018 21:27 |
|
https://twitter.com/captbaritone/status/966051583132758016
|
# ? Feb 21, 2018 21:50 |
|
doesn't reddit allow you to use custom css for subforums?
|
# ? Feb 21, 2018 22:00 |
|
kebernutes
|
# ? Feb 21, 2018 22:02 |
|
atomicthumbs posted:
kebernutes

Kerbalnetes Space Program

Edit: gently caress! Wrong muskie money pit.
|
# ? Feb 21, 2018 22:08 |
akadajet posted:
doesn't reddit allow you to use custom css for subforums?

yes it does
|
|
# ? Feb 21, 2018 22:09 |
|
akadajet posted:
doesn't reddit allow you to use custom css for subforums?

if only they had mentioned that in the tweet you quoted
|
# ? Feb 21, 2018 22:13 |
|
Seems difficult to make the attack viable on somewhere like reddit unless you're able to somehow serve a specific style sheet to a specific user before they've logged in. I assume it doesn't permit externally hosted styles and you have to upload a static CSS file to the reddit servers.
|
# ? Feb 21, 2018 22:13 |
Chalks posted:
Seems difficult to make the attack viable on somewhere like reddit unless you're able to somehow serve a specific style sheet to a specific user before they've logged in. I assume it doesn't permit externally hosted styles and you have to upload a static CSS file to the reddit servers.

yeah they prohibit any non-local content in css afaik
|
|
# ? Feb 21, 2018 22:15 |
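The restriction mentioned in the posts above (user stylesheets may only reference locally hosted resources), as an added example that is not from the thread or from reddit's code: a Node.js check that lists every `url()` or `@import` target in a submitted stylesheet that falls outside an allowed local prefix. `ALLOWED_PREFIX`, the function names and the sample stylesheet are constructed for illustration.

```javascript
// Added example: server-side check that user-submitted CSS only references
// locally hosted resources. ALLOWED_PREFIX and SAMPLE are constructed values.
const ALLOWED_PREFIX = "/static/";

// Decode CSS escapes (\72, \000072 ) so "u\72l(" cannot hide from the scan.
function decodeCssEscapes(css) {
  const re = /\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\([^\n\r\f0-9a-fA-F])/g;
  return css.replace(re, (_, hex, ch) => {
    if (hex === undefined) return ch;
    const cp = parseInt(hex, 16);
    return String.fromCodePoint(cp === 0 || cp > 0x10ffff ? 0xfffd : cp);
  });
}

// Return every url()/@import target that is not under ALLOWED_PREFIX.
function findExternalRefs(css) {
  // Comments are token separators in CSS, so replace them with a space.
  const text = decodeCssEscapes(css.replace(/\/\*[\s\S]*?\*\//g, " "));
  const re = /@import\s+(?:"([^"]*)"|'([^']*)')|url\(\s*(?:"([^"]*)"|'([^']*)'|([^)\s"']*))\s*\)/gi;
  const rejected = [];
  for (const m of text.matchAll(re)) {
    const target = m.slice(1).find((g) => g !== undefined).trim();
    // Protocol-relative ("//host/..."), absolute and data: targets all fail this.
    const local = target.startsWith(ALLOWED_PREFIX) && !target.includes("..");
    if (!local) rejected.push(target);
  }
  return rejected;
}

// A stylesheet is accepted only when nothing in it points off-site.
function isAcceptable(css) {
  return findExternalRefs(css).length === 0;
}

// Constructed sample: one local reference, three external ones (one hidden
// behind a CSS escape) and one reference inside a comment.
const SAMPLE = [
  ".icon { background: url(/static/i.png); }",
  '.banner { background: url("https://img.example.invalid/b.png"); }',
  '@import "//styles.example.invalid/x.css";',
  ".hdr { background: u\\72l(http://example.invalid/h.png); }",
  "/* url(http://example.invalid/commented-out.png) */",
].join("\n");

console.log(findExternalRefs(SAMPLE));
```

The scan covers `url()` and `@import` only; a production filter would parse the stylesheet with a real CSS parser rather than regular expressions.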
|
Chalks posted:
Seems difficult to make the attack viable on somewhere like reddit unless you're able to somehow serve a specific style sheet to a specific user before they've logged in. I assume it doesn't permit externally hosted styles and you have to upload a static CSS file to the reddit servers.

If you log out of your account each time you're finished, you would be likely to visit the subreddit with the danger CSS, and log in on that forum.

cinci zoo sniper posted:
yeah they prohibit any non-local content in css afaik

This would be the hard part, I think.
|
# ? Feb 21, 2018 22:21 |
|
Avenging_Mikon posted:
If you log out of your account each time you're finished, you would be likely to visit the subreddit with the danger CSS, and log in on that forum.

I guess you'd use the same technique on the username field as well, then try to match it all up using the requesting IP address. Hope that typing speed+latency doesn't mean that some of the requests get skipped or arrive out of order.

I assume reddit limit the CSS resources to their own site to exercise some control over filesizes - or are there other known css exploits like this that they were trying to mitigate?
|
# ? Feb 21, 2018 22:28 |
|
I...don't...know. LOOKOVERTHERE!
|
# ? Feb 21, 2018 22:35 |
|
got my first CVE ID assigned today i have now graduated from lurker/white-noise shitposter to someone who can at least in theory contribute meaningfully to this thread
|
# ? Feb 21, 2018 22:53 |
|
huh, they usually only assign CVEs to bugs
|
# ? Feb 21, 2018 23:05 |
|
Chalks posted:
I guess you'd use the same technique on the username field as well, then try to match it all up using the requesting IP address. Hope that typing speed+latency doesn't mean that some of the requests get skipped or arrive out of order.

probably just the usual problems with letting users bring their own css that refers to external resources leeching styles turning to goatse Image decoder vulnerabilities
|
# ? Feb 21, 2018 23:53 |
|
NFX posted:huh, they usually only assign CVEs to bugs
|
# ? Feb 22, 2018 00:21 |
|
Chalks posted:
I guess you'd use the same technique on the username field as well, then try to match it all up using the requesting IP address. Hope that typing speed+latency doesn't mean that some of the requests get skipped or arrive out of order.

i think they want to prevent people from using css styles to track users
|
# ? Feb 22, 2018 01:05 |
|
i would hope they just don't load custom css on any page where you enter your password but it's reddit so i don't want to give them the benefit of the doubt
|
# ? Feb 22, 2018 01:48 |
|
anthonypants posted:
i would hope they just don't load custom css on any page where you enter your password

If you visit a subreddit directly, they have username/password fields right in the sidebar.
|
# ? Feb 22, 2018 02:06 |
|
NFX posted:
huh, they usually only assign CVEs to bugs

I walked into that one
|
# ? Feb 22, 2018 02:21 |
|
anthonypants posted:
i would hope they just don't load custom css on any page where you enter your password

some subreddits use the first character of the login form csrf token to assign a random banner image every page load via css
|
# ? Feb 22, 2018 02:29 |
|
NFX posted:
huh, they usually only assign CVEs to bugs

Thanks Dad
|
# ? Feb 22, 2018 05:03 |
|
work secfuck: just discovered that some idiot hell fucker has configured ACEs at the root of the AD domain which allows auth users (aka almost everyone) to write properties on all computer objects and join computers to the domain
|
# ? Feb 22, 2018 05:06 |
|
cheese-cube posted:
work secfuck: just discovered that some idiot hell fucker has configured ACEs at the root of the AD domain which allows auth users (aka almost everyone) to write properties on all computer objects and join computers to the domain

jokes on you: all PCs are workgrouped the AD server is just a honeypot
|
# ? Feb 22, 2018 06:36 |
|
Chalks posted:
a random company accusing you of breaking a law doesn't automatically remove your legal rights.

of course not; even criminals still have access to lawyers and the courts
|
# ? Feb 22, 2018 06:50 |
|
cheese-cube posted:
work secfuck: just discovered that some idiot hell fucker has configured ACEs at the root of the AD domain which allows auth users (aka almost everyone) to write properties on all computer objects and join computers to the domain

I don't know about that first one but the second is the default config for AD
|
# ? Feb 22, 2018 13:23 |
|
cheese-cube posted:work secfuck: just discovered that some idiot hell fucker has configured ACEs at the root of the AD domain which allows auth users (aka almost everyone) to write properties on all computer objects and join computers to the domain
|
# ? Feb 22, 2018 13:41 |
|
cheese-cube posted:
work secfuck: just discovered that some idiot hell fucker has configured ACEs at the root of the AD domain which allows auth users (aka almost everyone) to write properties on all computer objects and join computers to the domain

you're writing in janitor moonspeak, but that sounds bad.
|
# ? Feb 22, 2018 15:32 |
|
akadajet posted:
you're writing in janitor moonspeak, but that sounds bad.

some guy configured the main thingy to let all the other thingies into the thingy clubhouse without asking first and also to write all over each other
|
# ? Feb 22, 2018 15:44 |
|
lol if you don't immediately take your work laptop off of the domain when they give it to you
|
# ? Feb 22, 2018 15:55 |
|
akadajet posted:
lol if you don't immediately take your work laptop off of the domain when they give it to you

yeah, it's an extremely good way of getting fired
|
# ? Feb 22, 2018 16:00 |