Seems like a good idea to put that there. People who know what they’re doing won’t be bothered by it, but it might save a few people from getting hacked
Yeah, but when a man really wants to see some Instagram models private nudes, he’ll ignore all those warnings and then some.
You see it all the time with banking, where somebody has literally had the bank ring them up to ask them if they really know the person they’re sending money to, and that they think they’re being scammed, and they push on regardless getting angry with the bank, only to be all surprise Pikachu in the papers when they are, unsurprisingly enough, scammed.
Hacker: That’s ok, we don’t want you to paste stuff in there, we just want you to send us your cookies. It’s not like you’re eating them anyway…
I’m admiring the ASCII art - great usage of different characters to smoothe out the outline of the text
Firefox has a built-in warning against pasting. I think Chromium too. I don’t think they warn about account theft, though.
What would a pasting attack look like and how would it work?
Now what most people don’t know is that websites can insert arbitrary text when you copy stuff of them. A malicious site will abuse that.
It works like that:
You follow a tutorial online or search for a code snippet. You copy some code/said snippet and paste it into a terminal or the browser command line. This copied text is altered by the site to be a one line command to install malware or grab passwords or cookies. All of that is followed by a line break and maybe your real command to lower suspicion.
Some of the terminal or browser shells interpret a line break in the copied text as enter which then executes the command.
To prevent that, get a shell, that doesn’t just execute what you paste (fish shell) or a terminal program, that warns you about line breaks (Moba xterm).
And please check text from unknown sites before pasting it into a program that may execute it right away. (Just paste it into a text editor or look at your clipboard manager like Win+V in windows)
Chromium now requires you to type a string inside the console before it lets you paste anything.
Soon browsers will require you to implement fizzbuzz in the console before enabling paste 😅
Honestly, a Modulo-Captcha wouldn’t be that bad of an idea?
Sure, it’s not really “non-dev-proof”; but I guess a simple “To enable pasting, please type result to the following formula: 5%3” would at least stop some people that will glady ignore the warning because obviously nobody wants to let you hack other Facebook accounts, but those guys told me it’s fine - but will already be confused and then feel smart by entering 0.15 because 5% of 3 is 0.15 … and wonder why it doesn’t work
