Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)E

example

@ example @reddthat.com

Posts
0
Comments
56
Joined
3 yr. ago

  • Proton might recycle abandoned email addresses and the privacy risks are terrifying

    Jump

  • granted, that reduces the risk of real sensitive information being attached to linked accounts, but i'd still not be surprised if there are some accounts attached to them elsewhere if they didn't get banned prior to receiving their first email.

    i gotta admit i didn't read the source earlier though, and i agree with your points in general for bot accounts if they have been banned before being used.

  • Proton might recycle abandoned email addresses and the privacy risks are terrifying

    Jump

  • I'm sure proton would clear the inboxes before making the addresses available, so there's no risk of seeing legitimate mail meant for someone else.

    this is just completely wrong. obviously Proton wouldn't grant access to existing mails, but the new owner of the address will still receive new emails intended for the previous owner. this is where the main risk lies.

    there are most likely accounts with various services attached to these email addresses. you can discover some via data breaches, some via emails they send to you, and some you might discover via trial and error. it might even just be a service telling you that am account already exists when you try to sign up.

    combine that with most services allowing account recovery by just using email, even for the services without publicly leaked passwords, you will be able to easily recover access to the accounts and in many cases get access to sensitive information.

  • What are you all using for a 2FA token manager?

    Jump

  • that's like calling strong randomly generated passwords 1.5FA.

    with proper MFA, even if you steal my password (database), you won't be able to steal my account, as you're missing the second factor. with classic otp this is just a single use number you enter on the potentially compromised system, but if you get the seed (secret) stolen, valid numbers can be generated continuously.

    password managers (should) protect against reuse. MFA protects against logins on untrusted and potentially compromised systems/keyloggers if they're not extracted live. password managers with auto fill and phishing resistant MFA can prevent phising, although the password manager variant is still easily bypassed when the user isn't paying enough attention, as it's not even that uncommon for login domains to change. obviously there are also other risks on compromised devices, like session cookie exfiltration, and there is a lot of bullshit info around from websites, especially the ones harvesting phone numbers while claiming to require it for 2FA just to gaslight users.

  • What are you all using for a 2FA token manager?

    Jump

  • FreeOTP/FreeOTP+

    depending on your goal for this (real 2fa vs just simulated) you shouldn't have sync in the first place.

    you could also look into security keys (hardware solution, webauthn/FIDO2) as an alternative that has strong security with good user experience (no typing anymore), but they're not as widely accepted.

  • Never!

    Jump

  • that's why you always look at renewal prices and never first year prices. tld-list.com has a good comparison.

  • i didn't even store it

    Jump

  • have you tried downloading more ram?

  • Lawsuit says Clorox hackers got passwords simply by asking

    Jump

  • instead it was a user sanitization issue

  • Are you more of a "yahoo!" or a "waaaah!"

    Jump

  • because it's the same door

  • Power

    Jump

  • because printers are evil

  • Do I still get updates if I install from .deb file?

    Jump

  • you can also just check dpkg -L $installed_package_name | grep /etc/apt/ to find files that would have been installed by the package there.

  • [Solved] What just happened to 4 million posts?

    Jump

  • I think this is zerobytes.monster, one of the reddit mirror instances.

    the post count fits and it also matches with the user count not significantly dropping.

    that instance has been using rather strict waf blocking rules from time to time that likely also affect the crawler for fediverse.observer.

  • Radiation rule

    Jump

  • someone should tell them, can't be much longer until it hits

  • Airline Demand Between Canada & United States Collapses, Down 70%+

    Jump

  • “Torrenting from a corporate laptop doesn’t feel right”: Meta emails unsealed

    Jump

  • not a very informed comment.

    torrents have checksums, you can't just send someone incorrect parts, they'll get rejected.

  • This one's for the Americans

    Jump

  • In Germany 10 packs are common

  • The management of MacOS is such a PITA

    Jump

  • you asked why it happens so often, I provided a possible explanation.

    just yesterday we had a similar case where a usb ethernet adapter wouldn't work on a locked device due to a similar issue, even if that one may be more logical.

    especially when you have to follow an outdated password policy where people have to change their passwords at regular intervals you'll have such cases more frequently than when they only need to set it once until a suspected compromise.

  • The management of MacOS is such a PITA

    Jump

  • the larger a company the more cases you'll have in absolute numbers, even if the relative numbers stay the same

  • FediSearch — Easily Search the Fediverse

    Jump

  • the token is completely tied to your account.

    you can access part of your account info/settings with that as well, a while back they added an extra password prompt to some of that.

    truly anonymous searches are simply impossible unfortunately. while they claim they're not logging any searches it's impossible to verify.

  • Is there a method to see a list of seized domains?

    Jump

  • indeed