this post was submitted on 12 Feb 2024
550 points (99.3% liked)

Mildly Interesting

17442 readers
46 users here now

This is for strictly mildly interesting material. If it's too interesting, it doesn't belong. If it's not interesting, it doesn't belong.

This is obviously an objective criteria, so the mods are always right. Or maybe mildly right? Ahh.. what do we know?

Just post some stuff and don't spam.

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] glibg10b@lemmy.ml 34 points 9 months ago (3 children)

Firefox has a built-in warning against pasting. I think Chromium too. I don't think they warn about account theft, though.

[–] gornius@lemmy.world 15 points 9 months ago (2 children)

Chromium now requires you to type a string inside the console before it lets you paste anything.

[–] glibg10b@lemmy.ml 29 points 9 months ago

Firefox as well:

⚠️ Scam Warning: Take care when pasting things you don’t understand. This could allow attackers to steal your identity or take control of your computer. Please type ‘allow pasting’ below (no need to press enter) to allow pasting.

[–] mvirts@lemmy.world 21 points 9 months ago (1 children)

Soon browsers will require you to implement fizzbuzz in the console before enabling paste 😅

[–] Oszilloraptor@feddit.de 6 points 9 months ago (1 children)

Honestly, a Modulo-Captcha wouldn't be that bad of an idea?

Sure, it's not really "non-dev-proof"; but I guess a simple "To enable pasting, please type result to the following formula: 5%3" would at least stop some people that will glady ignore the warning because obviously nobody wants to let you hack other Facebook accounts, but those guys told me it's fine - but will already be confused and then feel smart by entering 0.15 because 5% of 3 is 0.15 ... and wonder why it doesn't work

[–] bamboo@lemmy.blahaj.zone 10 points 9 months ago

Before you try to enable enable vim mode in Obsidian, you're prompted to show you know how to exit vim before continuing.

[–] brbposting@sh.itjust.works 4 points 9 months ago (2 children)

What would a pasting attack look like and how would it work?

[–] glibg10b@lemmy.ml 9 points 9 months ago* (last edited 9 months ago)

JavaScript can be used to get your password (if you enter it somewhere after pasting) or a session token, which gives an attacker temporary access to your account, unless a website is designed well enough to suspect that the attacker is not you.

[–] Black616Angel@feddit.de 9 points 9 months ago (1 children)

Now what most people don't know is that websites can insert arbitrary text when you copy stuff of them. A malicious site will abuse that.

It works like that:

You follow a tutorial online or search for a code snippet. You copy some code/said snippet and paste it into a terminal or the browser command line. This copied text is altered by the site to be a one line command to install malware or grab passwords or cookies. All of that is followed by a line break and maybe your real command to lower suspicion.

Some of the terminal or browser shells interpret a line break in the copied text as enter which then executes the command.

To prevent that, get a shell, that doesn't just execute what you paste (fish shell) or a terminal program, that warns you about line breaks (Moba xterm).
And please check text from unknown sites before pasting it into a program that may execute it right away. (Just paste it into a text editor or look at your clipboard manager like Win+V in windows)

[–] brbposting@sh.itjust.works 2 points 8 months ago

Great info. Thank you!

[–] Kerb@discuss.tchncs.de 3 points 9 months ago* (last edited 9 months ago)

they even straight up disable pasting until you reenable it.

and both browsers warned about identity theft in the error message when i tried it.