reddit General

  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
Mr E. Grifter said:
In defense of Reddit...

These attacks are low effort, potentially high reward, and virtually free. They are used because they work, and no matter how good the cyber security of an organisation is, people are always a vulnerability that can be exploited.

People in governments, militaries, corporations fall for this shit on the daily.
Click to expand...
I disagree.
I think they should implement an IP check or some form of 2 factor auth AT LEAST before you are able to access the source code for the website, along with employee personal info.
Dumbass employees will fall for phishing attacks, but it is important to mitigate the damage from this as much as possible with extra security steps.
Reddit being breached with a low-effort phishing attack like this is a total humiliation.
My steam account that I use to play Cuckold Simulator is more secure than the back-end of this ten billion dollar company.
 
Last edited:
Duraznito said:
They got hacked lmao

old.reddit.com

We had a security incident. Here’s what we know.

**TL:DR** Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were...
old.reddit.com old.reddit.com
Click to expand...
This is literally the easiest attack to pull off. Any 12 yr old can download Kali, clone the intranet portal, send to tranny janny, and get a W. There’s been 100 million tutorial videos on YouTube for this method for 10 years.

Amazing.

Makes me wonder what a physical penetration test at their offices would yield. I bet I could just walk in to any area so long as I’m holding an iPad and look like I belong.
 
Symalsa said:
This is literally the easiest attack to pull off. Any 12 yr old can download Kali, clone the intranet portal, send to tranny janny, and get a W. There’s been 100 million tutorial videos on YouTube for this method for 10 years.

Amazing.

Makes me wonder what a physical penetration test at their offices would yield. I bet I could just walk in to any area so long as I’m holding an iPad and look like I belong.
Click to expand...
Meanwhile at reddit HQ.....


It legitimately works more often than people realize. Case in point: I could literally put on my old security uniform, walk into the local hospitals ER, tell the guard working the ER desk that I have a shift in the psych ward and i'd be handed an access key card granting high level access, let out through the ER exist into the hospital and ignored. Nobody would question me. Not security, not staff, not doctors, not anybody so long as I acted like I belonged and didn't do anything overtly stupid to imply I didn't. Thats how easy it would be for me to get full access to restricted areas of the hospital. Act like you belong and people will assume you do. Stop and think what kind of dangerous shit that could lead to if someone figured that out and had a mind to do something malicious. People are so unaware of their surroundings and oblivious to shit going on around them most of the time that they ignore even basic common sense much of the time
 
It'd be nice to see some leaked internal documents, kinda like the Twitter Files but not voluntary. I want to see proof of the corruption we all know exists.
 
Rich Evans Ayypologist said:
You know, I already hated that stupid website, but knowing that fatpeoplehate got the guillotine but these things are apparently still kosher has made me realize levels of hatred I didn't think were possible.
Click to expand...
Reddit actually will ban people for using the word "pedo" because its "transphobic" and "hate speech." At this point, I don't think of reddit admins as human beings.
 
Dear Reddit Operator Samantha Croyton (she/her),

This is an important message, please attend to it as soon as possible.

U dun goofed lol

Yours Sincerely
Yeon Wong Baw
 
Paul Pelosi's Boyfriend said:
An autistic redditor is claiming that their therapist is trying to troon him out

View attachment 4482216
Click to expand...
This poor guy has autism and anxiety, yet redditors are grooming him to be trans and poly.
1.PNG
0.PNG
link
2.PNG3.PNG

8.PNG
link
4.PNG
5.PNG
6.PNG
7.PNG
 
Woke up, logged into reddit, and it was gone. My dragon's hoard of reddit gold... I'm fucking ruined.
 
WonderWino said:
It legitimately works more often than people realize. Case in point: I could literally put on my old security uniform, walk into the local hospitals ER, tell the guard working the ER desk that I have a shift in the psych ward and i'd be handed an access key card granting high level access, let out through the ER exist into the hospital and ignored. Nobody would question me. Not security, not staff, not doctors, not anybody so long as I acted like I belonged and didn't do anything overtly stupid to imply I didn't. Thats how easy it would be for me to get full access to restricted areas of the hospital. Act like you belong and people will assume you do. Stop and think what kind of dangerous shit that could lead to if someone figured that out and had a mind to do something malicious. People are so unaware of their surroundings and oblivious to shit going on around them most of the time that they ignore even basic common sense much of the time
Click to expand...
Back when I had a hospital as a client, I pretty much was able to wander the entire, huge complex because I had a button-down shirt, dress pants and a badge and just looked like I was supposed to be there. Probably could have bluffed my way into the central pharmacy stores if I were dedicated enough.
 
Wendy's Chili said:
All they need is the link to the corporate sign-in, so they could copy the html.
The only problem with this is that the employee would know right away that they were phished, because the fake site wouldn't function properly like the corporate site would.
This is why the employee was able to "self report" the phishing, probably right away.

I'm curious to know how they tricked this retard into clicking a link to the fake site.
They probably sent him an email pretending to be corporate or something, I would guess.
This really is not very sophisticated at all. Any retard could probably do it if reddit's cybersec is this bad.

Phishing attacks are primarily aimed at senile old boomers or people with DSP-level intellect.
Very embarrassing this worked on reddit staff with this level of security clearance.
I'm sure this person earned their position fairly.
Click to expand...
Knowing the general intelligence of Reddit users it could have been as simple as the phishing domain exploited the similarity between letters in some fonts. This is pretty common with capital "I" and lowercase "l", which as I'm currently demonstrating Kiwifarms also falls victim to. This method is tried and true, but doesn't work in the farms case because the website name doesn't contain an L. I suppose you could do kiwlfarms.net, but this isn't very discreet and likely nobody would fall for that.

I know the farms aren't an attractive target but whatever, you get my point. Sans serif was a mistake.
 
WonderWino said:
Meanwhile at reddit HQ.....


It legitimately works more often than people realize. Case in point: I could literally put on my old security uniform, walk into the local hospitals ER, tell the guard working the ER desk that I have a shift in the psych ward and i'd be handed an access key card granting high level access, let out through the ER exist into the hospital and ignored. Nobody would question me. Not security, not staff, not doctors, not anybody so long as I acted like I belonged and didn't do anything overtly stupid to imply I didn't. Thats how easy it would be for me to get full access to restricted areas of the hospital. Act like you belong and people will assume you do. Stop and think what kind of dangerous shit that could lead to if someone figured that out and had a mind to do something malicious. People are so unaware of their surroundings and oblivious to shit going on around them most of the time that they ignore even basic common sense much of the time
Click to expand...
Absolutely correct. I’m just thinking I could get into Reddit under more ridiculous circumstances. Like just walking up with a ruler and say I’m hear to check the fluid levels of their lightbulbs.
 
Finger Pistols said:
Why call it a "security incident" instead of a security breach or anything else? The former makes it sound like "consent incident" , which makes it way funnier.

Probably because the post was written by a tranny and they cannot take an L, that would crush their already fragile ego and make them commit 41%. They have to frame it as "opssie, we did a fucky wucky. It was totally not our fault that some of us fell for a phishing scam".
Click to expand...
gotta blame somebody.png
 
You must log in or register to reply here.
Back
Top Bottom