nope they want you to pay 6$ for “conversion fee” to convert btc to usd (probably going to ask for more and more until you give up or your wallet is drained)
Something I just thought about for the first time: the sheer amount of spam content everywhere (website comments, mails, bots) seems to indicate that there must be ungodly amounts of money being made but I rarely see politicians actually talk about the topic and doing something against it.
I’m not 100% sure what you’re asking, but spam is generally a very low margin, very high volume kind of business. So I wouldn’t assume these people are making ungodly amounts of money. I did a bit of searching and found estimates on the order of $200 million per year for spammers and spam-advertised businesses combined. Sure, it’s not nothing. But on a global scale that’s not necessarily ungodly amounts.
Compare for example revenues in the illegal drug trade, which globally accounts for hundreds of billions of dollars yearly.
One of the major issues with creating legislation to block spam emails (and spam phone calls) is that it would also impact the fundraising capabilities of political parties.
Politicians don’t talk about spam, because politicians use spam to raise money money for their campaigns.
"framework", found your problem. Frameworks save time by ignoring how code works. Folks taught upon a Framework have no real idea what its produced code does.
All observations support it. All reviewed generated bloatware supports it. I'll stand by my, assumptions, until there is any direct evidence against them discovered.
Typically the security conscious webdev still needs to define an API to their database. It’s bad practice to let users hit the DB directly.
Now, if you hack the API then sure you can start hacking the database, but first you have to hack the API to the database which raises the costs of cyberwar
You have a database driver that takes care of communicating with the database.
In the bad old days (pre-early 2000s) the only way they knew how to do that was plain old SQL strings so you passed a string that contained both the data and the instructions on what to do with it.
Now you SHOULD be writing prepared statements that contain the instructions then passing the data separately to fill in the placeholders in the prepared statement via the driver (NOT via modifying the string).
<span style="color:#323232;">// DO NOT DO THIS
</span><span style="color:#323232;">execute("INSERT INTO foo VALUES ('a', 'b', 'c')")
</span>
vs
<span style="color:#323232;">// DO THIS
</span><span style="color:#323232;">executePrepared("INSERT INTO foo VALUES (?,?,?)", "a", "b", "c")
</span>
It’s a common problem for the same reason that it’s a common problem for people to have precision errors when doing math with currencies… People write the wrong code because they don’t know any better (in that case using float or double/floating point math instead of a BigDecimal type).
Not filtering out characters that could be part of URL has no bearing on whether or not the site is properly protected from SQL injection. I’m much more often worried about sites that explicitly filter out certain characters because it likely means they don’t understand what they’re doing (similar to sites that insist on annual password changes).
The fact that people are arguing about this shows how much of an issue we have with education on this topic.
Because it’s literally impossible for SQL injection to occur if you do this. The database has already compiled the operation. There’s nothing to escape, there’s no more logic that can be added, you’re free to insert arbitrary gook just like you can into any old array.
Somebody created an account at MyEpson with OP’s email address and the name “GET BITCOIN NOW link”, which sends a confirmation email to OP with that name. Basically it’s spam using Epson as a trojan horse to get past filters.
it’s a valid name but it shouldn’t add the hyperlink… wait a moment…
*** went to check the source of the emails that i received ***
the senders (i’m targeted by an asshole that did this on hundreds on sites) DIDN’T add any hyperlink, this is a huge security issue by gmail: they’re automatically adding hyperlinks! This is very stupid, especially with the new google domains .zip and .mov. Someone sends an email like “attached there’s bank-statement.zip” and then gets phished
I was just going to point out that it’s the responsibility of the email service to filter that as well.
It was a big bug ticket at my company, that our email service kept automatically turning plaintext to links like www.example.com for convenience. We couldn’t fix it on our side at all.
Edit: lol either Lemmy or my Lemmy app also turns plaintext links into real links! www.Rofl.lol
You’ve landed on this page because you followed a link for a .zip file. This domain was registered to prevent its misuse for potentially harmful or malicious activities.
Well, what do ya know. There’s still some good guys out there.
nevertrust user input. the web site should be looking for and filtering this shit out.
the other one (the submission page at the university, was right above this one in my 'all' feed) shows it better--with a full valid link in a text box. should be filtered and rejected by the form submission handler and never inserted into the database. in the case of no 'http' as part of it, links still follow a format, and those should be rejected too.
mod_security filters that shit out on my sites, the rules on what's allowed in a form field hardly ever get 'tested' anymore since i turned that on.
We’re going in circles. How do you know a name that looks like a link is actually a link or a real name?
How do you solve that problem in a way that names that look like links are still accepted?
Plus the way email clients parse plain text is not the university’s website’s responsibility. Today, it’s links. Tomorrow, it’s “embedded AI prompts” or “mini-QR codes,” or “new format telephone numbers,” etc.
Add comment