If you don't make security a top priority, you will get breached. If you take nothing else away from this letter, let it be those words.
Let's talk, furries.
As we all know, FurAffinity got hacked not too long ago. Rather than rehash the events as they're still unfolding, let's just call it a grease-fire that the staff are desperately trying to put out by
| <?php | |
| declare(strict_types=1); | |
| $password = 'OwO what\'s this?'; | |
| $alg = SODIUM_CRYPTO_PWHASH_ALG_DEFAULT; | |
| $opslimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE; | |
| $memlimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE; | |
| $salt = 'YIFFYIFFYIFFYIFF'; |
This code snippet will allow anyone to independently verify the claims of this blog post.
Proctorio is violating Google's Policies about code obfuscation.
| <?php | |
| /** | |
| * Usage: Run this from the command line to generate a secure passphrase in the format | |
| * of stereotypical bottom keymashing. | |
| * | |
| * php bottom-responder.php | xclip | |
| * | |
| * Why? Because furries ruin everything, including bottom jokes. | |
| */ | |
| function random_str(int $length, string $charset): string { |
This is the full email message I received in this screenshot: https://twitter.com/SoatokDhole/status/1486708637422735361
Read more:
2024-05-15: I took a quick look at the Matrix source code. I identified two issues and emailed them to their security@ email address.In my email, I specify that I plan to disclose my findings publicly in 90 days (i.e. on August 14), in adherence with industry best practices for coordinated disclosure, unless they request an extension in writing.
2024-05-16: I checked something else on a whim and find a third issue, which I also email to their security@ email address.
2024-05-17: Matrix security team confirms receipt of my reports.
2024-05-17: I follow up with a suspected fourth finding–the most critical of them all. They point out that it is not actually an issue, because I overlooked an important detail in how the code is architected. Mea culpa!