Technology

59151 readers

3555 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)

submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

This article is a great example why you should use your own router instead of ISP provided one

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 5 months ago (1 children)

I’m not a programmer but is it normal that the login page contains the whole main JavaScript code of a logged in user?

Also, what’s the point of having this kind of client side api? Because you can never trust the client shouldn’t be everything server side and only return a html page with the data related to your account?

[–] [email protected] 2 points 5 months ago

It doesn't matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way

There wasn't a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn't check who is actually authenticated)