Aldileon

joined 1 year ago
[–] [email protected] 3 points 8 months ago (5 children)

Das war auch meine Idee warum ich es hier gepostet habe. Mir fällt nur ein, dass Ö über die EU Druck auf die Ukraine macht weiter durchzuleiten. Ansonsten lieber jetzt schon n Gastarif mit langer Preisbindung suchen, denn wenn wir uns über den europäischen und LNG Mark Gas holen müssen wird das richtig hoch gehen

[–] [email protected] 4 points 8 months ago (1 children)

Bin zu jung um dabei gewesen zu sein: was war da ähnlich?

[–] [email protected] 5 points 8 months ago (3 children)

Solange sie der AFD stimmen wegnimmt ist's gut

[–] [email protected] 1 points 8 months ago (4 children)
[–] [email protected] 19 points 8 months ago (3 children)

Jemanden aus ner Partei zu schmeißen ist halt ziemlich kompliziert

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago)

The company apparently sees these leaks not as a data breach, but as a violation of site rules. Well, I'm taking on a bit of the role of enlightening the public then; If the source of the leak is solely "credential stuffing attack," why haven't you taken measures against it even in 2023? There's only one login service on web and mobile platforms; why didn't you use captcha, turnstile, etc., there? Despite knowing that the user:pass data of 92 million users of MyHeritage, where many of your joint common members, including your CEO, are known to be, has been circulating for years, you took no action.

What's worse, there's no need for email verification even for a user to download raw data. Additionally, you don't necessarily have to download to obtain raw data. There are three different methods possible to take raw data directly from the db without downloading it. Is it the members' fault if your sense of security is terrible? What a foolish defense!

To extract data in this way from 14 million people, at least 100,000 credentials are needed because most members have common relatives. How did you not notice that 100,000 of your customers' accounts had been accessed? How did you not detect this while millions of data belonging to other users were being scraped? Why didn't you define a rate limit rule based on endpoint or parameter?

Suppose I did scrape profiles through the hacked accounts in the shared relatives list. But what about other vulnerabilities?

[–] [email protected] 18 points 8 months ago (1 children)

Ok then this needs better strings

[–] [email protected] 8 points 8 months ago (4 children)

Verstehe nicht den Zusammenhang mit bekifft sein. Ballons sind ein häufiges Problem bei Tunneln mit Oberleitung

[–] [email protected] 4 points 9 months ago (1 children)

Es geht immer schlimmer

[–] [email protected] 3 points 9 months ago (1 children)

Ganz schön hell für Mitternacht

[–] [email protected] 5 points 9 months ago
 

Wollen wir hier auch einen Megathread mit den neusten Entwicklungen machen?

view more: ‹ prev next ›