Technology

69491 readers

3596 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

117

Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)

submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

This article is a great example why you should use your own router instead of ISP provided one

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 11 months ago (1 children)

I’m not a programmer but is it normal that the login page contains the whole main JavaScript code of a logged in user?

Also, what’s the point of having this kind of client side api? Because you can never trust the client shouldn’t be everything server side and only return a html page with the data related to your account?

[–] [email protected] 2 points 11 months ago

It doesn't matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way

There wasn't a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn't check who is actually authenticated)