Languages don’t have goto because they mindlessly copied it.

Some necessary caveats: This kind of attack can only be pulled off in relatively narrow circumstances by a dedicated attacker. Segal said the user would need to have installed a malicious browser extension or be in transit and use public Wi-Fi where their traffic could be intercepted and decrypted through a MITM attack.

Well, okay. Maybe there’s something new here, but despite the many paragraphs of exposition, this sounds like exactly the sort of cookie stealing attack that’s been possible for decades.

Is the big breakthrough here that somebody realized FIDO doesn’t change that? Like, uh, no kidding? What’s new?

And is the backdoor actually included in the crate or is this an overhyped nothingburger?

Well, the player hand and dealer hand don’t have DECK_SIZE elements, so you shouldn’t be setting them to 0.

If you cover too much of the webcam, you won’t see the blinking light that says you’ve been owned.

This has been a problem for so long, and everyone just kind of assumes that maybe somebody else fixed it at some other layer. Nobody really thinks about it much. Usually because the poc requires certain preconditions, but they’re not that hard to find.

You like Scott Adams so much you’re unwilling to read a rebuttal to one of his posts?

Not saying it’s nothing, but most of the time I’m using the VPN to access something on a network that’s not publicly accessible, so sending my traffic to the local network won’t do much either.

But if you’re using a VPN to get out of the local network, maybe this is concerning.

Cute attack, though. I like it.