"Attackers, Trellix wrote, use the platform’s webhooks to pull data from victims’ computers and drop it into Discord channels run by the attackers."

  • ndguardian@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Honestly, I'm okay with this at least until they fix the fact that all shared files are accessible without authentication. Granted, you still had to get the link before downloading an uploaded file, but the fact that there was no authentication required to download a file uploaded to Discord was pretty surprising.

    • computergeek125@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It's probably also way cheaper to do it that way. As far as I could tell when I checked in on it some time ago, most of the content goes through a Cloudflare proxy straight to a GCP S3-compatible bucket.

    • uis@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      You still need to know magical numbers to download file.

    • LufyCZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      What is a password? A string of characters. What is a link? A string of characters.

      If you make it long enough, it'll be impossible to guess one.

      Your files are safe