underisk

BW06: Icon URL Item Decryption. Items can include a URL field, which is used to autofill the credentials and display an icon on the client. The client decrypts the URL and fetches the icon from the server, including in its request the domain and top-level domain of the URL. For instance, if the URL is “https://host.tld/path%E2%80%9D, the client request includes “host.tld”. This means that the adversary can learn (part of) the con- tents of URL fields. Using Attack BW05, an adversary can place the ciphertext of sensitive item fields, such as a user- name or a password, in the encrypted URL field. After fetch- ing the item, the client will then decrypt the ciphertext, confus- ing it for a URL. If the plaintext satisfies some conditions (i.e. containing a ‘.’ and no !), it will be leaked to the adversary. A URL checksum feature was deployed in July 2024, mak- ing the clients store a hash of the URL in another encrypted item field, therefore providing a rudimentary integrity check and preventing this attack. Note that old items are never up- dated to add such a checksum: this feature only protects items created after its introduction. Furthermore, URL checksums are only checked if a per-item key is present for the item. As we will see, an adversary can prevent per-item keys from being enabled with Attack BW10.

IMPACT. The adversary can recover selected target ciphertexts in the item, such as the username or the password.

REQUIREMENTS. The user opens a vault containing items that do not use per-item keys (i.e., items created before July 2024, or after Attack BW10 is run). The target plaintext must satisfy some additional conditions, detailed in Appendix

-- from the paper the article is discussing

So you could potentially expose your passwords to a compromised server or some kind of MITM. If they meet the conditions for the validation check, anyway.

A permanent utopia free from geopolitical influence has yet to be established under any system of government, therefore no system of government has ever worked.

Every single criticism in this post could be equally leveled against windows and its users. Especially the part about servers not being updated. Your second paragraph is also a classic example of survivorship bias.

I did this with my socks. Highly recommended

I don’t even know why they bother doing shit like this. Was anybody under the impression that mission statements matter? Just leave it; nobody cares and you’re not going to get sued over violating a non binding legally irrelevant statement. All this does is reinforce negative public perception for no benefit.

If corporations experienced consequences for being “evil” or acting dangerously they wouldn’t exist.

If your one drive folder reaches the cap it will stop you from saving files to one drive (which MS sets as a default location). Then it will ask you to pay. There is a possibility at this point that it will wipe your data if you disable One Drive before backing up your files to a non One Drive folder.

It won’t brick your computer, it’s just really pushy marketing with a chance of wiping some data.

So he used an AI tool to “organize” references and it hallucinated crap that made it into the human-written article because he never reviewed the output for accuracy.

This guy writes about AI for a living, he knows it hallucinates, and he even acknowledges the irony but never explains why he thought experimenting with AI was a good idea to begin with. Am I supposed to assume his judgment was impaired by being sick?

I thought the stripes were actually camouflage and they’re just monochromatic because the things they’re hiding from have poor color vision.

You don’t need to apologize. It’s a good game worth recommending as long as you don’t pay that guy for it.

They're just doing meow sounds for the cats. It's not even worth the controversy he caused by doing it. Could have literally recorded himself meowing as he suggested and no one would have known or cared.

The only reason I even checked out a game named "Mewgenics" was because it was Edmund. I put up with his (literal) shit in Isaac because both it and this game are very well designed from a gameplay perspective. Not gonna reward putting murderers, rapists, and genocidal zionists in a game about doing cat eugenics though.

humor of a twelve year old with the morals of a south park character.