Readit News
Vanilla_Salt commented on Apex Legends finals postponed after suffering unprecedented hack   polygon.com/24104737/apex... · Posted by u/areoform
jsheard · 2 years ago
Two players on two different teams had cheats appear simultaneously, it's quite unlikely they would both accidentally reveal their cheats at the same time.
Vanilla_Salt · 2 years ago
The overlay that appeared with the "cheats" on it was full of inside jokes too and didn't look at all serious. One of the check boxes was labelled "Vote Putin".
Vanilla_Salt commented on Fake reviews are illegal and subject to big fines under new FTC rules   washingtonpost.com/techno... · Posted by u/rrauenza
crazygringo · 3 years ago
No it won't because Amazon doesn't write any fake reviews, to the best of our knowledge.

The article and rules make clear that this applies to the companies writing and submitting fraudulent reviews, not the platforms hosting them.

(If Amazon wrote a bunch of its own fake 5-star reviews for products under its own label, then this would apply in that case. But considering how many Amazon-brand products have terrible ratings, there's no reason to believe they've ever engaged in that practice.)

Vanilla_Salt · 3 years ago
I would not be surprised if the majority of fake reviews are coming from offshore companies. Does the FTC have jurisdiction to fine those? Otherwise this changes nothing.
Vanilla_Salt commented on Android app from China executed 0-day exploit on millions of devices   arstechnica.com/informati... · Posted by u/Bender
chatmasta · 3 years ago
I'm long gone out of the mobile industry, but circa 8-10 years ago, I was aware of multiple top ranking iOS apps which were abusing OAuth login by opening the identity provider login screen inside an in-app browser, which meant they had full control over the DOM, and could e.g. circumvent Facebook protections to silently invite all your friends to the app using "invite to game" functionality. You would never know it happened because you wouldn't get any notification unless someone reached out and asked you why you sent that invite. And FB conveniently sorts friends so that the first 50 are your close contacts, which these apps could skip sending the invite to, under the assumption that your random acquaintances wouldn't bother reaching out about yet another notification they got from you.

I didn't see any of them grabbing the password, but they easily could have.

I'm pretty sure Apple has since closed this loophole by enforcing that apps perform OAuth in a browser where they can't control the DOM, but I'm not sure - I got as far away from that scene as I could...

Vanilla_Salt · 3 years ago
> I'm pretty sure Apple has since closed this loophole by enforcing that apps perform OAuth in a browser where they can't control the DOM, but I'm not sure

Apple are not restricting OAuth in an embedded web view, at least not on a software level. I have worked on an application that injected JS into the OAuth window for non-malicious style purposes. It is possible they're rejecting apps from the store for this behavior, but I wouldn't know.

u/Vanilla_Salt

Karma: 3 · Cake day: March 29, 2023