this post was submitted on 07 Jul 2024
TechTakes
So remember when Google Domains got sold off to Squarespace because it wasn't profitable enough and Google has the attention span of a squirrel?
Well that meant bye bye MFA for anyone who didn't check their email diligently enough, allegedly leading to a number of cryptocurrency domains getting hacked.
The cryptocurrency aspect is mostly just funny, but Google and Squarespace should know better than to effectively disable MFA out from under people. Tech companies put profit over people all the time. And then everyone blames the people for not being hyper-vigilant about computer security.
Edit: The tweet linked in that bleepingcomputer article is funny if this was indeed the issue: https://twitter.com/pendle_fi/status/1811683909509558562
Some "defi" company realized this could be a problem 22 hours before they were hacked. Even had time to write a tool to mitigate the impact of getting hacked. Got hacked anyway. Did they uhh... IDK change their password? Make sure MFA was set up? They don't say.
"Any messages beyond this tweet from anyone claiming to be from Pendle is a scam"
33 replies from scammers. Holy shit.
I know cryptocurrency people have a weirdly high tolerance for getting scammed and blaming the victim, but the twitter spam is constant now. You'd think they'd get tired of it at some point and switch to a platform that lets them moderate better.
presumes that people know there's better possible
soapbox.gif: you see a dynamic of this sort with a lot of people who have largely only ever interacted with "the internet" through vendor-mediated apps and shit. you can often pick up on it by people that speak in frames of "this app" - the app is their gateway to that engagement, and they have never known substantially otherwise. and it's a day-vs-night type difference in experiences in so many cases! there are some sites that I outright refuse to even open on mobile simply because the anti-nagblocker/etc capabilities that I have on RealComputer with RealOS (i.e.: not some artificially hobbled shit run by a monopolist fuckwad company) just completely block the annoying shit, whereas it is almost impossible to have that experience on mobile
and for so many people, the latter type (of experience/internet) is all they ever know
hey if the cost of operations is a tweet (or an openai chatgpt api call) and the possible reward is a couple dozen suckers at $200-equiv, Von Neumann ends up with a hangover
Can't wait to find out that the Perseid meteor shower, which has inspired humanity for centuries, is actually just Von Neumann probes from a long-dead civilization that spam their equivalent of tea.xyz pull requests on any planet that has advanced to hosting source forges.
"toughened up our defenses" like adding DNS monitoring. so they just ... didn't have that before? for a user-facing public web service? cool.
(and yeah lol at how little detail the rest of this covers)
code is lol
all these libertarian pyramid schemes sit at a convenient cross-section of high reward and low probability of being caught, which makes me believe that no good people were harmed in this incident
More details: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/
It sounds like Squarespace just let people take over domains without actually logging in wtf?