Cabrio

@Cabrio@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Cabrio,

Religious barbarism.

Cabrio,

Yes, still not worth risking using a duplicate password though.

Cabrio,

It’s not a system generated one they sent, it was user generated.

Cabrio,

They can’t send it if they haven’t stored it, that’s the proof. Whether temporary or not it’s a weakness and attack vector for obtaining unhashed passwords. And if they stored it, it should be immediately hashed at which point they can’t send it.

Cabrio,

You’ll forgive me for not trusting anyone who can tell me my password that isn’t me.

Cabrio,

It sends the user generated password, not an auto generated one.

Cabrio, (edited )

Stored in memory is still stored. It’s still unencrypted during data processing. Still bad practice and a security vulnerability at best. Email isn’t E2E encrypted.

Cabrio, (edited )

You have the text input feed directly into the encryption layer without an intermediary variable. The plaintext data should never be passable to an accessible variable which it must be to send the plaintext password in the email because it’s not an asynchronous process.

I’m surprised so many people are getting hung up on basic infosec.

Cabrio,

The front end to backend traffic should be encrypted, hashing occurs on the backend. The backend should never have access to a variable with a plaintext password.

I’m going to have to stop replying because I don’t have the time to run every individual through infosec 101.

Cabrio,

25, I used to write proprietary networking protocols.

Cabrio,

Yes, which is why they’re vulnerable to mitm and local sniffer attacks.

Cabrio, (edited )

Imagining thinking what’s popular is best. Betamax, HD DVD, Firewire, Ogg Vorbis, PNG, Firefox, Linux, Lemmy and friends, would all like a chat.

Cabrio,

Yes. I agree 100% with the things I can and I defer to your experience where I can’t. I used to write proprietary networking protocols 20 years ago and that’s the knowledge and experience I’m leaning on.

As a matter of practice we would ensure to process passwords by encrypting the datasteam directly from the input, and they were never unencrypted in handling, so as to protect against various system and browser vulnerabilities. It would be a big deal to have them accessible in plaintext beyond the user client, not to mention accessible and processable by email generation methods and insecure email protocols.

Cabrio,

I haven’t looked into it but I was wondering about the logistics of setting up a federated honeypot for server side stream sniffing to build a plaintext email/password database.

Cabrio,

It’s a good thing your opinion makes no difference then isn’t it.

Cabrio,

Lmao

Cabrio,

Sure, if you’re illiterate.

Cabrio,

If self awareness was a disease you’d be the healthiest person alive.

Cabrio, (edited )

You encrypt the datastream from the text input on the client side before storing it in a variable. It’s not rocket science. I did this shit 20 years ago. Letting a plaintext password leave the user client is fucking stupid.

Cabrio,

Well it’s a good thing your opinion has no effect on reality.

Cabrio,

OP would do well to responsibly report it, rather than stirring up drama over a web forum account.

¿Porque no los dos?

Took them 23 years to fix it last time, seems public awareness would be important in the interim, no?

Cabrio,

Image was taken immediately before posting. The issue, apparently, has since shown up again.

Cabrio,

And didn’t even have the common decency to finish the job when he killed himself, unlike Hitler.

Cabrio,

Gaben has been hands off at valve for a decade. He’s off breaking world records with research submersibles. Playing with his rubber duckies in the bathtub.

Cabrio,

Just saying that trust in Gaben and trust in Valve are two separate things. Valve has been doing fine without Gaben at the wheel.

Cabrio,

If he is I know someone who could use one. Oh…

Cabrio,

After witnessing one of the most successful RPG releases in recent history

They better be referring to the release of BG3, because if they’re talking about D4…

https://lemmy.world/pictrs/image/1f307d4c-89d9-4af8-a0a1-45bf20e9ca83.jpeg

Cabrio,

Unfortunately she didn’t go there for punishment, she went for a job.

Cabrio,

Everyone who votes for Trump is poor.

Poorly educated, poorly socialised, poorly raised.

So, apparently shit post mods will just remove posts with positive upvotes without any mod mail or explanation.

As per title, submitted a post here that as far as I’m aware met all the rules, it had positive momentum before I went to bed, wake up and no post and no messages or notification that it was removed or why except that it’s just gone. Discuss.

Cabrio,

It gets easier to comprehend when it’s tempered by the knowledge of global literacy rates. In the US, for example, 54% of adults read below a 6th grade comprehension level.

More than half the planet can barely analyse the nuances between two similar statements, let alone comprehend anything that takes a formal education to learn. As a result many people lack the communicative skills that enable us to avoid conflict because they literally lack a conceptual understanding of the many words they don’t know or understand correctly.

Hell, try even explaining concepts like context and nuance to many people and their eyes glaze over. I’d like to think it’s a largely fixable problem due to insufficient education, but another side of me remembers all my classmates in highschool who failed English.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • fightinggames
  • All magazines
    •