Zero-Day Vulnerability Allowing Attackers to Steal Users' Data Found in Password Managers (1Password, Bitwarden, LastPass, Enpass, iCloud Passwords, and LogMeOnce remain unpatched, still vulnerable)
Sleepkever @ Sleepkever @lemmy.zip
The attack vector is an autofill function on a compromised website that has the attacker's JavaScript running, either injected in a webpage or on a subdomain hosting user content. Since autofill will never fill passwords from another domain, others won't be at risk. But why bother with clickjacking at that point? You could just have your malicious script read the password values silently once the user enters them, password manager or not. That's not a password manager problem, that's the problem of the vulnerable website.
The one which is actually dangerous, that shared all passwords for all domains, actually had a bug bounty awarded to the guy and is now fixed, good for him on finding that. The rest is really a non-issue, I wouldn't worry that much.
Though credit card details and personal user info autofill might be problematic, since those are not site-bound. I would either disable those or just not store them in the password manager.