WTF Bites
-
WordPress
The vulnerability resides in ThemeGrill Demo Importer, a plugin which is installed on more than 200,000 sites.
Remote hackers can send a specially crafted payload to vulnerable sites and trigger a function inside the plugin.
The vulnerable function resets the site's content to zero, effectively wiping the content of all WordPress sites where a ThemeGrill theme is active, and the vulnerable plugin is installed.
Furthermore, if the site's database contains a user named "admin," then the attacker is granted access to that user with full administrator rights over the site.
-
@El_Heffe I could actually ask why the hell any browser should sign into a Google account, but then why the fuck a Microsoft browser not supporting that is surprising really is beyond me.
-
@El_Heffe Is anything related to WordPress not vulnerable?
-
@HardwareGeek said in WTF Bites:
@El_Heffe Is anything related to WordPress not vulnerable?
Wordpress creators' sense of shame, apparently.
-
@El_Heffe I could actually ask why the hell any browser should sign into a Google account, but then why the fuck a Microsoft browser not supporting that is surprising really is beyond me.
TRWTF is that "sign into a Google account" apparently means something completely different than what I think it means.
I've used various browsers to sign into my Google account for as long as "Google Account" has been a thing.
-
The most stupid VR game concept I've ever seen.
-
The most stupid VR game concept I've ever seen.
I've spent an inordinate amount of time attempting to discern your meaning, Ben, but, if I'm understanding correctly, that's a VR game where you play retro games?
-
In the United States, Australia, and around the world, […]
This entire phrase is entirely redundant in its entirety.
-
@kazitor Well, not really. Around the world doesn't mean the whole world. In particular, it doesn't mean in the United States and in Australia.
So that's like saying "in multiple places around the world (in the US and Australia in particular), [...]"
Edit: balanced parentheses
-
@Tsaukpaetra said in WTF Bites:
if I'm understanding correctly, that's a VR game where you play retro games?
Yup. What a waste of potential.
-
The most stupid VR game concept I've ever seen.
This depends entirely on what might happen in the background.
Imagine you're playing the game but suddenly you need to take control of a ground-to-air missile launcher to take down some aliens coming from the sky in front of you. But you also don't want to lose the game, so you need to switch back and forth.
That'd be cool.
-
Around the world doesn't mean the whole world.
And omitting it completely wouldn't mean the whole world either.
-
The most stupid VR game concept I've ever seen.
This depends entirely on what might happen in the background.
Imagine you're playing the game but suddenly you need to take control of a ground-to-air missile launcher to take down some aliens coming from the sky in front of you. But you also don't want to lose the game, so you need to switch back and forth.
That'd be cool.
The worst that can happen is your mom coming into the room and telling you you're playing games too much. Yes, really.
-
@El_Heffe I could actually ask why the hell any browser should sign into a Google account, but then why the fuck a Microsoft browser not supporting that is surprising really is beyond me.
TRWTF is that "sign into a Google account" apparently means something completely different than what I think it means.
You sign into a Google account with some application. Which application matters.
I've used various browsers to sign into my Google account for as long as "Google Account" has been a thing.
Yes, you can sign into your Google account with any web application from any browser. However, only with a Google browser can you sign into your Google account with the browser itself so that the browser can:
- Store history, open tabs, passwords and other browsing data into your Google account and synchronize them between other instances of itself.
- Install extensions from the Google store.
Each browser has its own service for this. And the other services wouldn't let them in even if they tried. So Microsoft can't implement signing into a Google account with Edge itself for the above two purposes. You can still sign in with any web apps running in it just fine.
-
- Install extensions from the Google store.
Works without signing into Google account.
-
@MrL I guess you are right. It's only the synchronization of your browsing data and password manager.
-
@El_Heffe I could actually ask why the hell any browser should sign into a Google account, but then why the fuck a Microsoft browser not supporting that is surprising really is beyond me.
I'd guess that people assumed it would happen automatically since MS is using chromium as a base and they'd probably have to work to disable it instead of just going with it.
-
@levicki said in WTF Bites:
@boomzilla said in WTF Bites:
You shouldn't talk about your mom like that. Look, I can pretend you said something you didn't, too!
But you did make a vague statement and then wanted me to look it up in some gigantic ass thread!
Goddamn. You really are as bad as
No need to insult right away? I wasn't insulting you anyway.
JFC...I was just making shit up about what you said in a super blatant way.
-
The most stupid VR game concept I've ever seen.
This depends entirely on what might happen in the background.
Imagine you're playing the game but suddenly you need to take control of a ground-to-air missile launcher to take down some aliens coming from the sky in front of yourun windows updates. But you also don't want to lose the game, so you need to switch back and forth.
That'd be cool.
Always with the shooting aliens.
-
@boomzilla said in WTF Bites:
I'd guess that people assumed it would happen automatically since MS is using chromium as a base and they'd probably have to work to disable it instead of just going with it.
Seems like a fair assumption.
-
@boomzilla said in WTF Bites:
@El_Heffe I could actually ask why the hell any browser should sign into a Google account, but then why the fuck a Microsoft browser not supporting that is surprising really is beyond me.
I'd guess that people assumed it would happen automatically since MS is using chromium as a base and they'd probably have to work to disable it instead of just going with it.
I don't know too much about the technical details, but is MS actually basing on Chromium browser or does that really mean just the Blink and V8 engines? I'd assume that whatever they're basing on, the Google profile sync stuff is rather part of the "skin" Chrome uses than the common "core" all these browsers share.
Even if I'm wrong, it makes sense for MS to rip it out.
-
I just killed a Windows Terminal Server by clicking on "My data has headers" while importing a 4KB CSV file into Excel!
-
The most stupid VR game concept I've ever seen.
This depends entirely on what might happen in the background.
Imagine you're playing the game but suddenly you need to take control of a ground-to-air missile launcher to take down some aliens coming from the sky in front of you. But you also don't want to lose the game, so you need to switch back and forth.
That'd be cool.
The worst that can happen is your mom coming into the room and telling you you're playing games too much. Yes, really.
That would be extremely bad. Or absolutely wonderful. I'm not sure which.
My mom has been dead almost 20 years.
-
@error_bot xkcd dark flow
-
At risk of running counter to Sinclair’s claim, in this case – as Lovelace herself would’ve hopefully agreed – it is people who are stupid, not computers.
-
@HardwareGeek said in WTF Bites:
@levicki said in WTF Bites:
gigantic ass thread
Fat shaming thread is .
@error_bot !xkcd hyphen
-
One of our enterprisey internal tools is a portal where you can download your payslips and PIT-11 forms. It's extremely important because PIT-11 is necessary to file taxes, but it's only ever useful once a year, when filing taxes.
Apparently my account got disabled because of inactivity - I guess I haven't logged in like a year.
-
Status: I get it, Microsoft, xCloud is for mobile, but did you have to force the email to behave like it too?
-
Wiktionary - a dictionary anyone can edit.
-
@Tsaukpaetra said in WTF Bites:
Status: I get it, Microsoft, xCloud is for mobile, but did you have to force the email to behave like it too?
Mobile
firstonly!
-
@Tsaukpaetra said in WTF Bites:
Status: I get it, Microsoft, xCloud is for mobile, but did you have to force the email to behave like it too?
Mobile
firstonly!
Yeah, I have to unbox my XBone controller for this app.
-
Here is an important news update:
Just a shame the proofreader didn't catch that the last word was misspelled...
-
Status: Payment due today on an account, but when I log into their website, I just get an infinite spinner that never completes. Why doesn't anything work? Just for once I'd like an electronic system to actually work. Is that too much to ask for?
-
@mott555 I open up the web developer tools, and I see a billion failures related to cross-origin scripts plus a bunch of stuff failing to load from Facebook (I don't even have Facebook). I'll go ahead and name-and-shame them: Paypal, get your together! You should know better than this!
-
@mott555 I open up the web developer tools, and I see a billion failures related to cross-origin scripts plus a bunch of stuff failing to load from Facebook (I don't even have Facebook). I'll go ahead and name-and-shame them: Paypal, get your together! You should know better than this!
I recently tried logging into Paypal via Firefox. Failed. Worked on IE though.
-
Radeon Software shows the stats for my latest games:
It can't tell the difference between new Hitman 1 and old Hitman 1. And I have also played the exciting Launch Settings for 5 hours!
-
In the Witcher, several times you have the chance to remove the curse of a monster instead of killing it. This is the morally "good" option, the most in-character option canonically for Geralt, and - in the case of the striga, in particular - the more difficult option.
But if you kill them, you get a unique potion ingredient that grants you extra/special mutations (skills), and if you break the curse, you never get that ingredient/skill. You get rewarded for doing the wrong thing (morally and canonically).
-
Aaand crash to desktop.
-
In the Witcher, several times you have the chance to remove the curse of a monster instead of killing it. This is the morally "good" option, the most in-character option canonically for Geralt, and - in the case of the striga, in particular - the more difficult option.
But if you kill them, you get a unique potion ingredient that grants you extra/special mutations (skills), and if you break the curse, you never get that ingredient/skill. You get rewarded for doing the wrong thing (morally and canonically).
Part of 'hard moral choices' theme of the game.
-
Status: Was just notified that our Registration system can sometimes swallow registrations in-flight, and that if this happens (and they successfully pay), their information is summarily deleted (it's held in a PHP session beforehand), no error is thrown, nothing appears wrong except they get an invalid confirmation ID, no confirmation email, and NOTHING IN THE LOGS INDICATES ANYTHING IS OUT OF THE ORDINARY!!!
Warning: PHP
Attendee record creation does this:
The code that calls that is this:
What happens when you try to add false to an array instead of a string? NOTHING, it does nothing with these ID numbers but stuff them into the session for updating later.
And guess what happens when it later tries to update the entry false? NOTHING!!!! It just shrugs and redirects you to the FUCKING HOME PAGE with NO EXPLANATION!!!!
There are no logs indicating the failure in the Web access/error logs, and natch the database doesn't log insertion failures so I am literally blind to what happened.
Grrr....
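The failure mode described in this post, as an added example that is not part of the original post (whose code the page does not show): the insert throws instead of returning false, the batch is rolled back, the failure is logged, and only real integer IDs reach the session. The table, the function names `createAttendee` and `registerAll`, and the plain `$session` array standing in for `$_SESSION` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and names; in-memory SQLite keeps the example self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw, never return false
$pdo->exec('CREATE TABLE attendees (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');

/** Insert one attendee and return the new row id; never returns false. */
function createAttendee(PDO $pdo, string $email): int
{
    $stmt = $pdo->prepare('INSERT INTO attendees (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
    $id = (int) $pdo->lastInsertId();
    if ($id <= 0) {
        throw new RuntimeException('insert reported success but returned no id');
    }
    return $id;
}

/** Register a batch; on any failure roll back, log it, and leave the session untouched. */
function registerAll(PDO $pdo, array $emails, array &$session): bool
{
    $ids = [];
    $pdo->beginTransaction();
    try {
        foreach ($emails as $email) {
            $ids[] = createAttendee($pdo, $email);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        // The log line that was missing: what failed and how many records were affected.
        // Only the count is logged, so attendee data stays out of the error log.
        error_log(sprintf('registration failed (%d attendees): %s', count($emails), $e->getMessage()));
        return false; // caller must surface the error instead of redirecting silently
    }
    $session['attendee_ids'] = $ids; // only real integer ids reach the session
    return true;
}

// Constructed sample input: the second batch violates the UNIQUE constraint.
$session = [];
var_dump(registerAll($pdo, ['a@example.test', 'b@example.test'], $session));
var_dump(registerAll($pdo, ['c@example.test', 'a@example.test'], $session));
var_dump($session['attendee_ids']); // still the ids from the first, successful batch
```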
-
@Tsaukpaetra said in WTF Bites:
if this happens (and they successfully pay), their information is summarily deleted
OK, that's serious as non-delivery of things they've paid for can land the company in actual trouble.
There are no logs indicating the failure in the Web access/error logs, and natch the database doesn't log insertion failures so I am literally blind to what happened.
Time to add more logging.
-
You get rewarded for doing the wrong thing (morally and canonically).
Which is pretty much the moral of the book series too - doing the good thing doesn't pay your bills.
-
You get rewarded for doing the wrong thing (morally and canonically).
So... like real life, then?
-
How long does it take to upload a 3kB file? For MS Teams, the answer is a full 20 seconds. 20 seconds of the progress bar slowly filling up.
-
How long does it take to upload a 3kB file? For MS Teams, the answer is a full 20 seconds. 20 seconds of the progress bar slowly filling up.
@ben_lubar called. He doesn't want his internet back.