- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
“Attackers, Trellix wrote, use the platform’s webhooks to pull data from victims’ computers and drop it into Discord channels run by the attackers.”
You must log in or register to comment.
I always thought it was a bad idea for people to treat Discord as a free CDN.
I mean it worked for long enough 🤷♂️
If its going away now, it isn’t quite long enough…
This is… annoying. I get the intent for malware, but honestly it’s a BS reason. The content will just be uploaded elsewhere. But what this will do is drastically lower their storage cost under the guise of… not even user safety, more “slightly inconveniencing malware writers.”
Yes, it’ll be uploaded elsewhere. That’s the whole point.
Discord doesn’t want to host any of this data, they don’t want to be connected to criminal activity. It makes sense.
Also, while it might slightly lower their storage costs (if the hackers move elsewhere), if you send a file to someone, it’ll still stay on Discord’s servers. Only difference is the link to said file - it’ll only be valid for a day, and then you’ll have to use a new one (in a way that’s probably transparent to the user)
lol@ this. My bet what is actually happening: cost cutting or future nitro feature.
I don’t care what you say, Discord is terrible.
It’s just like IRC but with privacy violations and ads!
More like Mumble, but with privacy violations and ads
And without an ability to host the network yourself!
Interesting news but I don’t really get how this is self-hosted?
It’s an annoying change for anyone using discord to share files outside of it’s closed platform but doesn’t affect most people.
I wonder whether bridges for matrix have to be fixed or if they’re already editing messages bridged to matrix to the new url.
Honestly, I’m okay with this at least until they fix the fact that all shared files are accessible without authentication. Granted, you still had to get the link before downloading an uploaded file, but the fact that there was no authentication required to download a file uploaded to Discord was pretty surprising.
It’s probably also way cheaper to do it that way. As far as I could tell when I checked in on it some time ago, most of the content goes through a Cloudflare proxy straight to a GCP S3-compatible bucket.
And a LOT risky
You still need to know magical numbers to download file.
What is a password? A string of characters. What is a link? A string of characters.
If you make it long enough, it’ll be impossible to guess one.
Your files are safe
Trying to keep those classified documents on the DL for home grown radical terror.
