That’s a lot of rice though. Looks like a healthy meal if you take away like 3/4 of that rice.

I mean, unless you do muscle training after breakfast, in which case you need carbs to replenish your glycogen levels.

Oh man, this is so not FoodPorn… I mean, looks good.

YouTube shorts are awful. Most of them are just incomplete YouTube videos.

I know this is a bad take, but my hate for PHP is why I’m in Lemmy.

Why would they need you to send a message to collect your IP? They can send any request to their servers. Plus, what can they do with the public IP? Just know your general location, that’s it. It’s not like it tells them exactly where you live.

Ah yeha, sorry, didn’t read the Mobile Services Manager. But this is a common malware attack though.

This is definetely malware. OP has probably been doing funky stuff with his phone.

Wow! Great job man!

Don’t you guys get like an incredible amount of spam via SMS? It became kinda like email but worse.

I can’t block the short numbers companies use to send SMS because they are usually using a third party SMS service. So, different companies can send messages that arrive with the same number. If I block an SMS ad, I might be also blocking an important SMS alert from my bank warning some security issue.

Oh, I see. Yeha, sending SMS here was expensive when WhatsApp showed up.

There are very weird limitations in IPhone apps. The only reason I’d buy an IPhone would be the photo quality. But I don’t take photos so mhe.

Why are you guys texting? Don’t you have WhatsApp or Telegram?

I haven’t sent an SMS since 2012. What is going on in the US?

Why the F would they kill Google Domains. Don’t they own a freaking cloud? How is having a registrar not essential when you own a cloud?

Damn, that page is so interesting. Thanks for the rabbit hole.

Holy shit, Google has ADHD.

And he thinks TL;DRs are for kids with ADHD. Totally egotistic. I’m sure his whole point can be heavily TL;DR’d.

If by location you mean IP address, the XSS script could also send the IP address of the user to the attacker. Then the attacker could do write operations spoofing that IP. They wouldn’t get a response but the write operation would be done anyways.

Maybe doing a 3 way handshake before every administrative action to ensure the IP wasn’t spoofed? Idk, I’m not a security person.

1. User sends IP and JWT + administrative action. I mean, IP is extracted from src addr, not sent.

2. Server saves the command in a cache with a TTL of 10 seconds. Then sends a randomly generated string to the user. The random string is sent in A HTTP-only same-site cookie to avoid it being read by JS scripts or being sent to external domains.

3. The user sends it’s JWT + randomly generated string cookie back to the server. The server checks the cache. If an action is found, it is executed.

Edit: actually, after thinking about it. If the XSS is not sending the JWT to a remote location but running the attack directly in the victim’s browser, there’s nothing that can be done. XSS is fucked up.

nerve.struck = true;

:)

It’s just a matter of quantity. But yeha, this is like telling a smoker that smoking is bad. There’s no point in stating the obvious.