Security Fuckup Megathread - v17.1a - motherfuckers act like they forgot about jre

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v17.1a - motherfuckers act like they forgot about jre

pseudorandom: Jun 16, 2010; Yam Slacker

Shame Boy posted:

because it lets me right click and automatically fill out the password fields without having to copy/paste everything

Do you not use CTRL+ALT+A to just auto-type your passwords?

neutral milf hotel posted:

please rename thread to

Linux on phones? it's worse than you thought... (page 1 of 500000)

I'm actually kind of considering getting the Librem 5 if initial reviews look promising. :q:

# ¿ Mar 22, 2019 17:18

Adbot: ADBOT LOVES YOU

# ¿ May 9, 2024 05:54

pseudorandom: Jun 16, 2010; Yam Slacker

Shame Boy posted:

you still have to search for and pick the thing first right? this matches based on the URL and picks the right one for you

also i thought auto-type was Bad and you Shouldn't Use It because things were finding ways to hijack it, but maybe i'm thinking of something else

e: yeah I think I was thinking of the auto-fill browser mode where it doesn't wait for you to like, tell it to enter the password, it just goes ahead and does it whenever it feels like it, which is a hilariously bad idea

The native application's auto-type works by reading the title of the application, eg "Security Fuckup Megathread - The Something Awful Forums - Mozilla Firefox". So yes, someone could spoof a page title, but you still have to fall for the trick.

This works great most of the time and requires no manual searching for the entry. The only time I need to manually search are for the terrible websites that omit any identifiers from their login page, <title>Log In</title>, so there's no context about what website is active in the browser title.

# ¿ Mar 22, 2019 17:43

pseudorandom: Jun 16, 2010; Yam Slacker

Kuvo posted:

the icing on the poo poo cake is that they do this by blocking the ctrl+v keyboard shortcut. going to the menu item edit > paste still works.

For sites that do this dumb stuff, I've ended up just opening the dev console and removing event bindings for the input element.

# ¿ Mar 22, 2019 23:32

pseudorandom: Jun 16, 2010; Yam Slacker

pseudorandom name posted:

does Mint still just ask you for your bank password?

Oh boy, I guess you haven't heard of Plaid yet.

Everyone's bank passwords, all in one convenient place!

# ¿ Apr 4, 2019 16:33

pseudorandom: Jun 16, 2010; Yam Slacker

neutral milf hotel posted:

hack in progress

Probably clicked the big, shiny, green DOWNLOAD button, but not the correct big, shiny, green DOWNLOAD button.

# ¿ Apr 10, 2019 06:15

pseudorandom: Jun 16, 2010; Yam Slacker

Blinkz0rz posted:

so they don't encrypt the entire vault, only individual passwords

Since it said "could", I'd assume this might be a case of logs including the websites for auto-fill requests from browser extensions. I'm willing to hope they're not dumb enough to not encrypt the whole database itself.

# ¿ Apr 15, 2019 04:33

pseudorandom: Jun 16, 2010; Yam Slacker

Hackers release dump of a Police Database :siren:

# ¿ Apr 18, 2019 05:42

Adbot: ADBOT LOVES YOU

# ¿ May 9, 2024 05:54

pseudorandom: Jun 16, 2010; Yam Slacker

fishmech posted:

floridalord

The proper title is Lord of the Sunshame State.

# ¿ Apr 19, 2019 06:21

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > YOSPOS > Security Fuckup Megathread - v17.1a - motherfuckers act like they forgot about jre