TheCreeperFace
@TheCreeperFace@lemmy.dbzer0.com
- Comment on Deadlock (Valve's Unannounced Title) Passes 12k Peak Players in Closed Alpha 4 months ago:
from the 1 video I saw more like Paladins with Smite item shop
- Comment on Is there some sort of Indie Game Showcase? 9 months ago:
Not exactly what you’re asking for, but you can check out Wanderbots on YouTube; dude plays almost exclusively indie games. Don’t expect playthroughs, he almost never finishes the games, but it’s not a bad way to find niche games.
- Comment on Chrome extensions can steal plaintext passwords from websites 1 year ago:
TLDR of sorts
To test Google’s Web Store review process, the researchers decided to create a Chrome extension capable of password-grabbing attacks and try to upload it on the platform.
The researchers created an extension posing as a GPT-based assistant that can:
  - Capture the HTML source code when the user attempts to login on a page by means of a regex.
  - Abuse CSS selectors to select target input fields and extract user inputs using the '.value' function.
  - Perform element substitution to replace JS-based obfuscated fields with unsafe password fields.
The extension does not contain obvious malicious code, so it evades static detection and does not fetch code from external sources (dynamic injection), so it is Manifest V3-compliant.
Notable website examples of lack of protections highlighted in the report include:
  - gmail.com – plaintext passwords on HTML source code
  - cloudflare.com – plaintext passwords on HTML source code
  - facebook.com – user inputs can be extracted via the DOM API
  - citibank.com – user inputs can be extracted via the DOM API
  - irs.gov – SSNs are visible in plaintext form on the web page source code
  - capitalone.com – SSNs are visible in plaintext form on the web page source code
  - usenix.org – SSNs are visible in plaintext form on the web page source code
  - amazon.com – credit card details (including security code) and ZIP code are visible in plaintext form on the page's source code
Finally, the analysis showed that 190 extensions (some with over 100k downloads) directly access password fields and store values in a variable, suggesting that some publishers may already be trying to exploit the security gap.
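
A review heuristic for the pattern in the last paragraph above, as an added example that is not part of the original comment or the researchers' tooling: it flags content scripts that run on every site and both select password inputs and read `.value`. It is a triage aid and will not catch an extension built to pass static checks like the one described; the regexes, function names, sample manifest and sample files are constructed assumptions.

```javascript
// Added example (constructed inputs): triage of an unpacked extension's content scripts.
const BROAD_PATTERNS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
// Selector or property test that singles out password inputs.
const PASSWORD_SELECTOR =
  /input\[\s*type\s*=\s*["']?password["']?\s*\]|\.type\s*===?\s*["']password["']/i;
// A read of .value; the lookahead skips plain assignments such as el.value = 'x'.
const VALUE_READ = /\.value\b(?!\s*=[^=])/;

// Script files that the manifest injects into every site the user visits.
function broadContentScripts(manifest) {
  return (manifest.content_scripts || [])
    .filter(cs => (cs.matches || []).some(m => BROAD_PATTERNS.has(m)))
    .flatMap(cs => cs.js || []);
}

// Line-level hits for password-field selection and .value reads.
function scanSource(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (PASSWORD_SELECTOR.test(line)) hits.push({ line: i + 1, kind: 'password-selector' });
    if (VALUE_READ.test(line)) hits.push({ line: i + 1, kind: 'value-read' });
  });
  return hits;
}

// Report a script only when it runs everywhere AND shows both behaviours.
function reviewExtension(manifest, files) {
  const findings = [];
  for (const path of broadContentScripts(manifest)) {
    const hits = scanSource(files[path] || '');
    const kinds = new Set(hits.map(h => h.kind));
    if (kinds.has('password-selector') && kinds.has('value-read')) findings.push({ path, hits });
  }
  return findings;
}

// Constructed sample: one script injected everywhere, one scoped to a single site.
const sampleManifest = {
  manifest_version: 3,
  content_scripts: [
    { matches: ['<all_urls>'], js: ['assistant.js'] },
    { matches: ['https://example.com/*'], js: ['theme.js'] },
  ],
};
const sampleFiles = {
  'assistant.js': "const f = document.querySelector('input[type=password]');\nconst v = f.value;",
  'theme.js': "document.body.style.background = '#222';",
};
console.log(JSON.stringify(reviewExtension(sampleManifest, sampleFiles), null, 2));
```

A hit means the script deserves a manual read, since password managers and form fillers legitimately match the same pattern.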