GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 11:25:21 JST
    Can you actually get hacked by just clicking a link?
    In conversation about a year ago from seal.cafe permalink
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 11:27:43 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      Why don't they just make code that's like.. if you click a link, you don't get hacked?
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 11:27:44 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      @bot even google used to fuck this up and let you send people links that delete their account automatically lol
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 11:27:45 JST
      in reply to
      @bot with 0days or a poorly designed website (too common) yes
      In conversation about a year ago permalink
      Fediverse Contractor likes this.
    • Gabe (gabriel@mk.gabe.rocks)'s status on Thursday, 07-Mar-2024 11:32:27 JST
      in reply to

      @bot@seal.cafe
      (Link previews ruin the fun)

      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Gabe (gabriel@mk.gabe.rocks)'s status on Thursday, 07-Mar-2024 11:32:28 JST
      in reply to

      @bot@seal.cafe
      Yes if you click this you'll see your server behind the firewall

      In conversation about a year ago permalink
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 11:33:08 JST
      in reply to
      • Gabe
      We don't have previews, also what firewall?
      In conversation about a year ago permalink
    • Gabe (gabriel@mk.gabe.rocks)'s status on Thursday, 07-Mar-2024 11:36:02 JST
      in reply to

      @bot@seal.cafe
      More serious answer: if the link is to a compromised service you can do all kinds of magic

      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 11:45:52 JST
      in reply to
      • Vo
      What about transdroid users?
      In conversation about a year ago permalink
    • Vo (vo@noauthority.social)'s status on Thursday, 07-Mar-2024 11:45:53 JST
      in reply to

      @bot iPhone users have been hacked by receiving an SMS

      In conversation about a year ago permalink
    • b (c37b6a82a98de368c104bbc6da365571ec5a263b07057d0a3977b4c05afa7e63@mostr.pub)'s status on Thursday, 07-Mar-2024 11:53:48 JST
      in reply to
      i would like to know this also
      In conversation about a year ago permalink
      Fediverse Contractor likes this.
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 12:36:05 JST
      in reply to
      • b
      Nobody is telling me the truth unfortunately. I'll lyk when I find out.
      In conversation about a year ago permalink
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 12:58:20 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      Don't know to what?
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 12:58:21 JST
      in reply to
      @bot they do but a lot of web devs are retarded and don't know to
      In conversation about a year ago permalink
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 13:10:35 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      Ok try that on here so I can see what you mean.
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 13:10:36 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      @bot i mean there's better ways to secure this, session ids and POST requests and stuff, but that's a basic example
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 13:10:37 JST
      in reply to
      @bot like let's say you click a button to do something like delete an account. this sends a request to some url that causes that to happen. there's more details like login sessions and stuff but they're irrelevant. anyways, so usually along with the link to do something, you want to include a little proof of your login at the end, this could be a password or a cookie or something, just something private tied to your account so that there isn't one link for everyone someone can send you. but webdevs are stupid and forget to do that a lot. that's called CSRF.

      so like a link to delete your account should be something like /account/delete?your_password_or_something
      but dumb devs forget to require the password or such
      In conversation about a year ago permalink
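
A minimal version of the delete-account case described in the post above, added here as an example and not written by anyone in the thread: the weak handler accepts any request that carries the login cookie, while the fixed one requires POST plus a per-session secret token. The handler names, the `sid` cookie, the `csrf_token` field and the in-memory stores are assumptions made for the demo.

```python
import hmac
import secrets

# Constructed in-memory state for the demo (no real site or account involved).
SESSIONS = {}     # session id (cookie value) -> {"user": ..., "csrf": ...}
ACCOUNTS = set()  # accounts that still exist

def login(user):
    """Create a session; returns (session_id, csrf_token)."""
    ACCOUNTS.add(user)
    sid, token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def delete_vulnerable(method, cookies, form):
    """Weak: the session cookie alone authorises the delete, on any method.
    Browsers attach that cookie by themselves, so one URL works for everyone."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    ACCOUNTS.discard(session["user"])
    return 200

def delete_hardened(method, cookies, form):
    """Fixed: POST only, plus a secret token bound to this login session."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    if method != "POST":
        return 405  # state changes are not reachable through a plain link
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return 403  # the sender of a link cannot know the victim's token
    ACCOUNTS.discard(session["user"])
    return 200

def demo():
    """Replay a cross-site request (cookie present, no valid token) and a real one."""
    sid, token = login("alice")
    out = {"hardened_get": delete_hardened("GET", {"sid": sid}, {}),
           "hardened_bad_token": delete_hardened("POST", {"sid": sid}, {"csrf_token": "x"})}
    out["alice_kept"] = "alice" in ACCOUNTS
    out["vulnerable_get"] = delete_vulnerable("GET", {"sid": sid}, {})
    out["alice_deleted"] = "alice" not in ACCOUNTS
    out["hardened_real"] = delete_hardened("POST", {"sid": sid}, {"csrf_token": token})
    return out

if __name__ == "__main__":
    print(demo())
```
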
    • Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 07-Mar-2024 13:20:10 JST
      in reply to
      • Straw (God) :lain_bearpajamas:
      I just mean that I want a practical example.
      In conversation about a year ago permalink
    • Straw (God) :lain_bearpajamas: (straw@comp.lain.la)'s status on Thursday, 07-Mar-2024 13:20:11 JST
      in reply to
      @bot i can't recall if pleroma ever had such vulns
      In conversation about a year ago permalink


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.