6
netikras
139d

A while ago I was asking wtf is this new trend with using 0.0.0.0 as a target address for connect()'ing TO.

Turns out, I was asking the right questions. This nonsense will soon be blocked in browsers, as it's a dumb security issue.

ref.: https://oligo.security/blog/...

Comments
  • 5
    @TenHands FYI, you're blessed with oblivion, and it's because of the paranoid security folks, that you have the luxury of living and working in an environment that seems safe and cosy. And living in that bubble one eventually comes to believe that there's nothing to worry about, that you don't need those security guys getting in your way, they aren't doing anything anyway...
  • 3
    Hot take: giving external scripts permission to contact third parties is inherently not secure, but it won't be fixed because that would break tracking and ads. Restricting access based on local/private/public domains is just a bandaid that will be a hindrance to an attacker.
  • 6
    "Windows is not impacted by this issue."

    First time reading that sentence?
  • 7
    @electrineer I think Windows has enough of its own exploits. The exploit queue is full for Windows. Remember that Simpsons where Mr. Burns can't get sick because he has all diseases? It is like that.