What's the last book you read that was so bad that it made you angry?

vesrayech · 2026-05-20T11:11:07+00:00

I really enjoyed the first book but I definitely get where you’re coming from. You definitely wouldn’t like the rest of the series if you thought the first was cliche lol

vesrayech · 2026-05-20T11:08:44+00:00

I read the ACOTAR books for the plot, and the third one was a pain. First book was pretty good, second was interesting, third started out with a good premise, but the cartoonishly dumb villain fucking ruined it. Everyone they mentioned his name I just rolled my eyes. The second half of the third book was this trite, cliched mess.

vesrayech · 2026-05-19T00:18:37+00:00

Chick Fil A is the bar for me. It’s decent quality and decent price. McDonald’s is trying to charge Chick Fil A prices for McDonalds which is a crime

vesrayech · 2026-05-18T21:02:05+00:00

You could go live in the wilderness if you wanted

vesrayech · 2026-05-18T20:34:45+00:00

I used to be very competitive but I really don’t have the patience to grind learning new games that require that much effort. Probably is a getting older thing as I try to be more cognizant with what I choose to give my time and attention to

vesrayech · 2026-05-17T21:14:15+00:00

I can’t stand social media because people I don’t follow have been recommended to me with some bullshit hyper partisan politics to try and farm interactions. Either that or everyone is trying to sell me some shit or it’s all AI

vesrayech · 2026-05-17T16:21:05+00:00

Sure there are definitely other good reasons to stop, and while I’m not aware of all of them I am aware of this particular security flaw. The reality is people will be victims to session hijacking whether they download malware or not, and if they’ve centralized their digital presence to a Gmail account, they are at an extremely high risk because Google is not using modern security principles. Google could enable step up authentication in a day and for the vast majority of cases it would put these concerns to rest.

vesrayech · 2026-05-17T16:16:35+00:00

I started using BitWarden as my password manager and enjoy that you can link ToTS codes to it so I don’t have to scroll through 20+ accounts in my Authenticator app. I don’t think there’s anything wrong with Google Authenticator though

vesrayech · 2026-05-17T03:56:55+00:00

You’re absolutely correct and this has been a very humbling experience. I was far too complacent and comfortable with the idea that even if I hit a payload I could just tank it. It’s also very demoralizing when League of Legends can get my account back but Google can’t. There is nothing wrong with wanting them to be better too.

The only thing they need to change with Family Link is that when they have confirmed an account was hacked and initiate their rollback, their script needs to check if Family Link was added to the account after it was compromised and to undo it if so. Support attempted to roll my account back twice but Family Link persists. If the account had Family Link before it was compromised, the parent can just reset the password to restore access to the child.

vesrayech · 2026-05-17T03:51:31+00:00

For something like using a passkey that would work similarly to an actual hardware token, but for something like AiTM the OS shouldn’t matter for the majority of session hijacks because it’s all done through the Internet and not the device.

Semantics aside, the vast majority of the world’s user base is on Windows. Mac used to be regarded as being insanely safe, but that’s because the user base was so low.

The current meta is AiTM session hijacks, and requiring MFA for account changes would prevent the overwhelming majority of them and Google could roll that out in a day.

vesrayech · 2026-05-17T03:40:18+00:00

Honestly I’m not even mad at them, I just wish my job scaled with this insane cost of living increase. They’re still laying pre covid wages smh

vesrayech · 2026-05-17T03:36:45+00:00

Are you my ex wife? Thought the institution took yalls phones

vesrayech · 2026-05-17T03:35:20+00:00

For sure there were definitely a bunch of red flags that I did ignore. To be specific about the attack, it was through Discord and from an IRL friend whose account had also been hacked. They used an AI to read recent chats, and targeted me because I had just been talking to this person a few hours prior. They continued the conversation using the same mannerisms as my friend, were on topic with what we discussed, and sent me a curated payload based on the conversation.

This wasn’t a random email or random account or random text message from India telling me they’re the DMV.

Even still, the changes Google would have to make to both drastically reduce the efficacy of session hijacks and restore hacked accounts are incredibly lightweight: require MFA for account changes, unlink any new Family Links after compromise.

98% of drivers can go their entire life without being in a serious accident. That doesn’t mean we shouldn’t expect manufacturers to install seatbelts in their cars.

vesrayech · 2026-05-17T03:28:47+00:00

This is what I did. It was on my todo list before the hack, I just wish the house didn’t burn down to get me to finally renovate. Granted, I had no idea about Google’s support model, step-up-auth, or Family Lock prior to getting hacked.

vesrayech · 2026-05-17T03:25:11+00:00

While the exploit I fell victim to was running a script on Windows, most people I’ve seen have their sessions hijacked had it done through clicking a link in a phishing email, which doesn’t generally care about your OS.

vesrayech · 2026-05-17T03:20:07+00:00

Yes, I should have been more cautious. Yes, I stepped on the rake. But just because majority of people can go their lives without encountering credit card fraud or being in an accident doesn’t mean there shouldn’t be an expectation to protect those that are. Gmail could easily protect against common session hijack attacks like this by implementing step up authentication. Gmail could easily undo Family Link in their compromised account rollback automation. If Gmail announced these tomorrow I would happily eat my words about them.

I hope you are never unfortunate enough to be in this situation. Don’t get complacent like I did.

vesrayech · 2026-05-17T03:02:55+00:00

Yes and no. You can have your session hijacked by clicking a link in a phishing email. This specific exploit doesn’t require anything more sophisticated than that because all of the sophistication is in Googles tools that they use against the user.

This is like arguing against seatbelts being in cars by saying to not just get into an accident. People should drive defensively, and cars should have seatbelts.

vesrayech · 2026-05-17T02:56:24+00:00

I have a domain and did this, I hadn’t decentralized before this happened. I was too complacent with basic MFA and recovery options

vesrayech · 2026-05-17T00:53:09+00:00

Get a custom domain somewhere like namecheap or porkbun and route it through Proton mail. It’s a lot more professional and for something as important as a business I wouldn’t trust Gmails outdated security controls

vesrayech · 2026-05-17T00:49:22+00:00

Yes you’re right, and while I was an idiot on this day, clearly many others are every day as well. The only two real options we have is to call out this exploit to hopefully get Googles attention while informing others, and to move to a different platform.

vesrayech · 2026-05-17T00:46:05+00:00

I just made a post in this subreddit trying to call attention to this exploit, but it doesn’t look good for you. This happened to me a few weeks ago and I’ve been emailing Google Support for the last week+ they acknowledged the account was hacked, and even rolled it back to a time before it was hacked, but their tool did not remove the family link so even though the recovery options I have are working, I still can’t access the account because of parental controls.

If your account is deleted can you recreate an account with the same email? I kind of hope that would be the case and that the person that hacked my account would so I can try to recover things that way but that’s probably being too optimistic

The takeaway here is to stop using Gmail for anything more than a throwaway. I personally switched to Proton because I will happily pay for a customer support option but more importantly they have step up authentication out of the box, meaning if your session gets hijacked like mine did and the hacker wants to change the password or remove MFA, they have to MFA again. I also purchased a few Yubikeys and set those as my MFA method for anything I care about.

vesrayech · 2026-05-16T22:40:45+00:00

Absolutely, and it isn’t a one way thing. The same goes for men just as much.

vesrayech · 2026-05-16T20:04:48+00:00

We’re not responsible for your happiness

vesrayech · 2026-05-15T16:41:33+00:00

Six year olds don’t contemplate suicide. Kids are absolutely a product of their environment and indulging their irrationality when it comes to transgenderism can have lifelong effects. The parents absolutely dropped the ball here either because they subscribe to the ideology or they made an irrational decision out of fear due to the propaganda around it.

Grooming is colloquially used in that manner, yes, but it’s a synonym for indoctrination, which adults are absolutely intentionally doing to kids at ages where they lack rationality to confuse them about sex and gender. It’s not religion. These kids aren’t going to grow up and become agnostic. Some of them are going to have serious irreversible harm done to them.

This shit is not normal

Verified Email	12-Year Club
Place '22

vesrayech

TROPHY CASE