Replying to Avatar matata

this is why i had to generate a new keypair aka account

i put my nsec in Anigma last year which leaked keys we found out later 😬
Avatar
Shawn 2y ago

Uh… they leaked? How/where/etc, please?

Reply to this note

Please Login to reply.

Discussion

Avatar
matata 2y ago

idk the details exactly but it was compromised

i asked many times but no one had given me an answer yet to how this happened and what other clients now do to prevent it

Avatar
jack 2y ago

XSS vulnerability

Avatar
matata 2y ago

thank you πŸ₯³

Avatar
Shawn 2y ago

Ugh. Thanks.

Avatar
π•Ύπ–Šπ–— π•Ύπ–‘π–Šπ–Šπ–•π–ž 2y ago

β€œCross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.” I understood nothing, is it possible this could still happen to me putting my nsec into these new clients ??

Avatar
matata 2y ago

would like to know too.. and if it's also something that can happen with mobile apps

i see it can be done with phishing links

and can ppl do this with img urls too? they automatically open since we can see them, right?

Avatar
π•Ύπ–Šπ–— π•Ύπ–‘π–Šπ–Šπ–•π–ž 2y ago

Yeah also is there a browser that would protect from such attacks ?

Avatar
Jonathan 2y ago

Definitely not in a mobile app AFAIK. It’s a browser problem. Image files a different. It’s simply a file. There’s no code being run unlike a web page.

Avatar
πŸ‡ 2y ago