@bjb @suprjami ooooh I hadn't notice that detail! I...

All posts Jamie's posts Post Back to profile

Top-level

Enara :potion_genderfluid:❔

@bjb @suprjami ooooh I hadn't notice that detail! I was going for the @ in the address

Like 7 Jun 2023 at 12:56 | Wall-to-wall | Open on tech.lgbt

5 comments

Rose, The Sword Vixen

@EnaWasHere @bjb @suprjami My guess as well.

7 Jun 2023 at 13:29 | Open on mastodon.social

👁️

@EnaWasHere @threetails @suprjami @bjb Both are true. Fake slashes make everything before the @ a “username” and v1271.zip the domain name.

7 Jun 2023 at 17:42 | Open on mastodon.gamedev.place

Captain Dragonfrog Queernabs

@EnaWasHere @bjb @suprjami it's the @. Everything between http(s):// and @ in interpreted as a username and potentially a password, the part after the @ is the host and path.

7 Jun 2023 at 14:20 | Open on mastodon.sdf.org

Jon Ribbens

@dragonfrog @EnaWasHere @bjb @suprjami That's not quite right, the username/password part cannot contain (amongst other things) forward slashes. This attack is relying on using a unicode character that looks like a forward slash but isn't one.

7 Jun 2023 at 14:55 | Open on mastodon.social

Captain Dragonfrog Queernabs

@jribbens @EnaWasHere @bjb @suprjami I see, it's both the @ and the pseudo-slashes. Thanks for pinning that out.

7 Jun 2023 at 15:37 | Open on mastodon.sdf.org

Go Up