Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://calckey.social/notes/9eu8ddzid3">Johan S 🌀 (spiralmind@calckey.social)'s status on Wednesday, 17-May-2023 04:28:34 JST</a><a href="https://calckey.social/@spiralmind" title="spiralmind@calckey.social"><img src="https://gnusocial.jp/avatar/120297-48-20230516192022.webp" width="48" height="48" alt="Johan S 🌀" style="position: absolute; left: 0; top: 0;">Johan S 🌀</a><div><a href="https://calckey.social/notes/9eu88n3b31" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/56048" title="steve@social.dinn.ca">Steve Dinn</a></li><li><a href="https://gnusocial.jp/user/116561" title="kainoa@calckey.social">Kainoa</a></li></ul></div></section><article><p><a href="https://calckey.social/@kainoa">@kainoa</a> <a href="https://social.dinn.ca/@steve">@steve@social.dinn.ca</a> <a href="https://newsie.social/@PerryM">@PerryM@newsie.social</a> Ah, that kind of vector, I was thinking more actual data exfiltration attacks. Bit of an ingenious headline on that page, and BitWarden should also be included for that level of vulnerability. <a href="https://flashpoint.io/blog/bitwarden-password-pilfering/">https://flashpoint.io/blog/bitwarden-password-pilfering/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1476053#notice-2996309">In conversation</a><time datetime="2023-05-17T04:28:34+09:00" title="Wednesday, 17-May-2023 04:28:34 JST">Wednesday, 17-May-2023 04:28:34 JST</time> <span>from <span><a href="https://calckey.social/notes/9eu8ddzid3" rel="external" title="Sent from calckey.social via ActivityPub">calckey.social</a></span></span><a href="https://calckey.social/notes/9eu8ddzid3">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: flashpoint.io</div><h5><a href="https://flashpoint.io/blog/bitwarden-password-pilfering/">Bitwarden: The Curious (Use-)Case of Password Pilfering</a></h5><div> from <span>Flashpoint Intel Team</span></div></header><div>While evaluating the behavior of Bitwarden, a popular password manager browser extension, Flashpoint’s Vulnerability Research team noticed that embedded iframes in a web page were handled in an atypical manner.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Johan S 🌀 (spiralmind@calckey.social)'s status on Wednesday, 17-May-2023 04:28:34 JSTJohan S 🌀
in reply to
@kainoa @steve@social.dinn.ca @PerryM@newsie.social Ah, that kind of vector, I was thinking more actual data exfiltration attacks. Bit of an ingenious headline on that page, and BitWarden should also be included for that level of vulnerability. https://flashpoint.io/blog/bitwarden-password-pilfering/
In conversationWednesday, 17-May-2023 04:28:34 JST from calckey.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: flashpoint.io
  Bitwarden: The Curious (Use-)Case of Password Pilfering
  from Flashpoint Intel Team
  While evaluating the behavior of Bitwarden, a popular password manager browser extension, Flashpoint’s Vulnerability Research team noticed that embedded iframes in a web page were handled in an atypical manner.

Public

Embed Notice

HTML Code

Corresponding Notice