TheCreeperFace

joined 1 year ago
sorted by: new top controversial old
Where are saved comments kept in c/boostforlemmy@lemmy.world
[Feature Request] Option to Swap Tap and Hold Actions on Comments in c/boostforlemmy@lemmy.world
[–] TheCreeperFace@lemmy.dbzer0.com 4 points 11 months ago (1 children)

settings>general> comments> behavior

Short Total Drama Island comic (rest in comments) [AfroBull] in c/rule34@lemmynsfw.com
[–] TheCreeperFace@lemmy.dbzer0.com 1 points 11 months ago

report it to the lemmy devs and the instance admins and hope it gets fixed

Short Total Drama Island comic (rest in comments) [AfroBull] in c/rule34@lemmynsfw.com
[–] TheCreeperFace@lemmy.dbzer0.com 5 points 11 months ago (2 children)

with nsfw turned off it's still showing could be a federation bug

Is it possible to reverse the order of the post buttons? in c/boostforlemmy@lemmy.world
[–] TheCreeperFace@lemmy.dbzer0.com 4 points 1 year ago

change post view to card 2.0

[Feature Requests] Slightly different default icon in c/boostforlemmy@lemmy.world
[–] TheCreeperFace@lemmy.dbzer0.com 3 points 1 year ago (3 children)

you can change it in the settings

Chrome extensions can steal plaintext passwords from websites in c/news@lemmy.linuxuserspace.show
[–] TheCreeperFace@lemmy.dbzer0.com 2 points 1 year ago (1 children)

TLDR of sorts

To test Google's Web Store review process, the researchers decided to create a Chrome extension capable of password-grabbing attacks and try to upload it on the platform.

The researchers created an extension posing as a GPT-based assistant that can:

Capture the HTML source code when the user attempts to login on a page by means of a regex.
Abuse CSS selectors to select target input fields and extract user inputs using the '.value' function.
Perform element substitution to replace JS-based obfuscated fields with unsafe password fields.

The extension does not contain obvious malicious code, so it evades static detection and does not fetch code from external sources (dynamic injection), so it is Manifest V3-compliant.

Notable website examples of lack of protections highlighted in the report include:

gmail.com – plaintext passwords on HTML source code
cloudflare.com – plaintext passwords on HTML source code
facebook.com – user inputs can be extracted via the DOM API
citibank.com – user inputs can be extracted via the DOM API
irs.gov – SSNs are visible in plaintext form on the web page source code
capitalone.com – SSNs are visible in plaintext form on the web page source code
usenix.org – SSNs are visible in plaintext form on the web page source code
amazon.com – credit card details (including security code) and ZIP code are visible in plaintext form on the page's source code

Finally, the analysis showed that 190 extensions (some with over 100k downloads) directly access password fields and store values in a variable, suggesting that some publishers may already be trying to exploit the security gap.

Show off your Android: the Home Sweet Home(screen) Edition! in c/android@lemdro.id
[–] TheCreeperFace@lemmy.dbzer0.com 2 points 1 year ago

it's on the simpler side

What is your ratio? 😅 in c/piracy@lemmy.dbzer0.com
[–] TheCreeperFace@lemmy.dbzer0.com 3 points 1 year ago

upload 1.3TiB download 238GiB ratio 5.6 did a fresh windows install 2 weeks ago also where does qbittorrent store the statistics

Moving data from iCloud may need to be made easier, by EU law in c/apple_enthusiast@lemmy.world
[–] TheCreeperFace@lemmy.dbzer0.com 10 points 1 year ago* (last edited 1 year ago) (3 children)

it's not only icloud it's a law that would apply to any cloud service but that doesn't sound click baity enough

view more: ‹ prev next ›