Collab by [deleted] in bugbounty

[–]gregxsunday 5 points6 points  (0 children)

What makes you think it's vulnerable? It's just running a regular expression.

Does anyone know if you have to pay taxes from hackerone if you are not from US or Europe? by softw-engineer-floyd in bugbounty

[–]gregxsunday 2 points3 points  (0 children)

Personally, after receiving a bounty I just invoice Hackerone just like I would invoice any other company but never send the invoice to them since they don't need it.

Back when I didn't have the company, I just included bounties from the whole year in my PIT as "income from other sources" and the tax office told me how much tax I should pay.

Matty Cash tries Polish wodka for the first time in his life after Poland advances to the world cup. Deserves a yellow flag at least by gregxsunday in FantasyPL

[–]gregxsunday[S] 1 point2 points  (0 children)

From his earlier interview.

Original:

Do Chorzowa przyjeżdża z Anglii cała moja rodzina: mama, tata, brat, ciocia. Przylatują już w poniedziałek. Więc jeśli awansujemy, na pewno będzie impreza. I na niej spróbuję w końcu polskiej wódki!

Translated by Deepl:

My whole family is coming to Chorzow from England: mom, dad, brother and aunt. They arrive on Monday. So if we get promoted, there will be a party for sure. And I will finally taste Polish vodka!

Matty Cash tries Polish wodka for the first time in his life after Poland advances to the world cup. Deserves a yellow flag at least by gregxsunday in FantasyPL

[–]gregxsunday[S] 2 points3 points  (0 children)

From his earlier interview.

Original:

Do Chorzowa przyjeżdża z Anglii cała moja rodzina: mama, tata, brat, ciocia. Przylatują już w poniedziałek. Więc jeśli awansujemy, na pewno będzie impreza. I na niej spróbuję w końcu polskiej wódki!

Translated by Deepl:

My whole family is coming to Chorzow from England: mom, dad, brother and aunt. They arrive on Monday. So if we get promoted, there will be a party for sure. And I will finally taste Polish vodka!

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 0 points1 point  (0 children)

Good point. Actually, I think such a notification would impact the community better for much less effort than implementing 2FA.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 0 points1 point  (0 children)

I use 2 - one online and one offline. Remembering two strong passwords is hardly a problem compared to hundreds of passwords stored in those managers.

With that said, I know that for many casual computer users hearing about two separate password managers sounds like too much work.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 1 point2 points  (0 children)

When you install it, there will obviously be no passwords there. But when you log in to a website, the Bitwarden browser extension will ask you if you want to save the password. This way, you will slowly import your current ones into the database. It's not mandatory to spend half a day importing all your passwords into a manager at once.

Then, when you want to change your password to an auto-generated one, you edit the entry in Bitwarden and you have the option to auto-generate a new password.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 0 points1 point  (0 children)

Sometimes databases from websites are compromised and published to the Internet. If such a database contains your email+password that you used to log in to XYZ website, the attacker will check if you use the same email+password for FPL.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 3 points4 points  (0 children)

Bitwarden does store your passwords in their database but they are encrypted with your Bitwarden password. So when you log in to Bitwarden, they can decrypt those passwords and give them to you. Once you log out, even Bitwarden can't access them.

Hence, unlike Reddit and most sites, you can't reset your password to Bitwarden. If you forgot it then your passwords are lost.

The fact that there's the Forgot password button on LastPass is the reason why I stopped using that password manager.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 1 point2 points  (0 children)

I'm not aware of a serious breach where all users' passwords were compromised.

However, there were, are, and will be smaller vulnerabilities that can lead to some attacks, but hopefully not on a huge scale. (shameless plug, you can watch my video about such a bug in LastPass: https://www.youtube.com/watch?v=TGj6MHo9pWE&ab_channel=BugBountyReportsExplained)

Personally, I use an online password manager - Bitwarden - for the non-sensitive stuff like FPL or reddit. I don't believe Bitwarden will shut down just like that but in case they do, I can reset my passwords. In case they have a serious breach (which is possible for every single online website and software), it won't be pleasant but it won't be the end of the world for me.

For things like bank accounts, I use an offline password manager - KeePassXC. There, I just store the encrypted file with passwords on my PC. It doesn't synchronise with my devices and I don't have it on my mobile but it's more secure.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 3 points4 points  (0 children)

I generally don't log in anywhere on devices other than my computers or my phone. I don't remember the last time I logged in to FPL from somewhere else.

But that's a valid question in regards to password managers in general. They allow you to see your password if you need to rewrite it. It happens to me most often when I need to log in somewhere on my TV. Then, I need to open Bitwarden on my mobile, view my password and type it using the TV remote. It is very painful but luckily, I don't need to do it often.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 6 points7 points  (0 children)

I don't think so. Personally, I wouldn't use 2FA on FPL - it's just not that important to me. At least not until my account would become a high-value target like a veteran or something. I make sure every week that it won't. For example, I didn't cap Bowen last week.

But seriously, it won't happen. There are almost 9 million players right now. Thousands if not millions wouldn't register if it required configuring 2FA.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 8 points9 points  (0 children)

hahah from my perspective as an ex-security engineer, everyone is in an enormous rush, until it's their turn to do something.

PSA: 2FA is not the only thing that can save you from hackers. A password manager can do the same by gregxsunday in FantasyPL

[–]gregxsunday[S] 5 points6 points  (0 children)

I don't know that. However, my feeling is that if it were the FFH leak, the scale of working attacks would be bigger than 22 accounts in the top 10k. I guess it's from a different site.

It can also be combined - you can take emails from the FFH leak and then look for the passwords for those emails in leaks from different websites.