PastaGorgonzola

@PastaGorgonzola@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Snopes Shows the Folly of X’s New Link Presentation⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Not sure what part you don’t understand, but I’ll try and help: Snopes (a fact checking website) shows that the way links are displayed nowadays (the new link presentation or new way links are presented) on X (formerly Twitter) lacks any sense -> snopes shows the folly of it.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Unless you have siblings. Then you’re the less successful evolutionary branch that died out.
⁨Comment⁩ on ⁨Larion Studios forum stores your passwords in unhashed plaintext.⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

I’m going to have to stop replying because I don’t have the time to run every individual through infosec 101.

Sorry, but you’re missing the point here. You cannot do anything with a password without storing it in memory. That’s not even infosec 101, that’s computing 101. Every computation is toggling bits between 1 and 0 and guess where these bits are stored? That’s right: in memory.

The backend should never have access to a variable with a plaintext password.

You know how the backend gets that password? In a plaintext variable. Because the server needs to decrypt the TLS data before doing any computations on it (and yes I know about homomorphic encryption, but no that wouldn’t work here).

Yes, I agree it’s terrible form to send out plain text passwords. And it would make me question their security practices as well. I agree that lots of people overreacted to your mistake, but this thread has proven that you’re not yet as knowledgeable as you claim to be.