So… Google Mail will not show me emails if their title is 2.5 million letters long? Pathetic
afk_strats@lemmy.world
on 12 Feb 22:06
nextcollapse
It took them 147 days to fix this?!?
flames5123@lemmy.world
on 13 Feb 00:39
nextcollapse
When FFXIV implemented better blocking tools this past summer, there was an option when blocking a single character to block the entire service account. This would be fine, but the implementation they went with is client side, and when you select that option, you get the service account ID. Which means that if you’re blocked by someone, you can’t made an alt character to stalk/harass them. But with third party tools, we can see this account ID. The stalker could just use a new account and find the person’s account ID that they were harassing and find any alt character they have in the game. They’re changing this soon as a third party tool popped up and is now able to do this, full source code leaked so there’s no shutting it down until the game devs change how it’s done.
This sounds super similar, but the implementation that you had to do for google is crazy.
Ah yea. Idk why I said leaked since it was published that way. Nice call out!
Dil@is.hardlywork.ing
on 13 Feb 00:48
nextcollapse
This and some browsing of the public Facebook account will get you into most people’s accounts with minimal effort, social engineering is wild and made me lose interest in being a hacker growing up because it was too easy and made me uncomfortable. (I wanted to be mr robot so bad, I was delusional lol)
Dil@is.hardlywork.ing
on 13 Feb 00:49
nextcollapse
(This was when facebook contacts would/could get added to yahoo contacts or whatever? IDK I had 100s of emails in there)
Remember back in the day when you could get apple users emails through a simple number incrimination in i believe the app store website?
The documentary The Hacker Wars highlighted the issue and if i remember weev went to jail for it. I probably need to rewatch it again.
Also if people are interested in that kind of documentary The Internet’s Own Boy is a heartbreakingly excellent story of what the US put Arron Schwartz through.
threaded - newest
To clarify this is about someone identifying a vulnerability and getting $10k from Google for it
I was just thinking “maybe I can just give them my email…” but of course it isn’t that simple
I’d pay $10,000 for your email.
$10,000 and my ass eaten? Sold.
Prepare for a lot of furry porn on you inbox.
<img alt="" src="https://feddit.nl/pictrs/image/03bfc4e8-c0b9-4619-8c45-a9cd29b8c9bb.jpeg">
Prepare for a lot of furry scat porn in your inbox.
that’s the real maricle here, an actual payout of a bounty.
…huh? Bug bounty payouts are not even remotely rare in either the industry as a whole or Google specifically.
Nice exploit chain!
Fun read
So… Google Mail will not show me emails if their title is 2.5 million letters long? Pathetic
It took them 147 days to fix this?!?
When FFXIV implemented better blocking tools this past summer, there was an option when blocking a single character to block the entire service account. This would be fine, but the implementation they went with is client side, and when you select that option, you get the service account ID. Which means that if you’re blocked by someone, you can’t made an alt character to stalk/harass them. But with third party tools, we can see this account ID. The stalker could just use a new account and find the person’s account ID that they were harassing and find any alt character they have in the game. They’re changing this soon as a third party tool popped up and is now able to do this, full source code leaked so there’s no shutting it down until the game devs change how it’s done.
This sounds super similar, but the implementation that you had to do for google is crazy.
Saying full source code leaked is a little wrong.
Plugin was always open source, and all plugins for that framework are required to be open source by the framework’s licensing.
Doesn’t change the fact that once one person did it, the code was available for anyone, though, you’re right.
Ah yea. Idk why I said leaked since it was published that way. Nice call out!
This and some browsing of the public Facebook account will get you into most people’s accounts with minimal effort, social engineering is wild and made me lose interest in being a hacker growing up because it was too easy and made me uncomfortable. (I wanted to be mr robot so bad, I was delusional lol)
(This was when facebook contacts would/could get added to yahoo contacts or whatever? IDK I had 100s of emails in there)
Remember back in the day when you could get apple users emails through a simple number incrimination in i believe the app store website?
The documentary The Hacker Wars highlighted the issue and if i remember weev went to jail for it. I probably need to rewatch it again.
Also if people are interested in that kind of documentary The Internet’s Own Boy is a heartbreakingly excellent story of what the US put Arron Schwartz through.
Sharing a video about a Google security vulnerability on Google’s own platform. What would you expect?
They did disclose it to Google before, and got a bounty but it seems the moderators from YouTube didn’t get the memo