part 2 of the #FuckStalkerware series, this one is pretty big!

https://maia.crimew.gay/posts/fuckstalkerware-2/

also exclusively covered by techcrunch (less technical but more analysis than my post) here:

https://techcrunch.com/2023/07/24/spyhide-stalkerware-android/

blog post has been updated to reflect a statement from mohammad a.

@maia Every time I end up on your blog and see the kitten chasing around mouse cursor, it makes my day a little better. Thank you :3

@ar @maia I do wish there was a little toggle for it, though. the idle animation makes it quite difficult to stay focused on the text (yay ADHD)

@gsuberland @ar for now it can be disabled by turning off js (not used for anything else on the site) or by enabling reduced motion, but yea i am planning on adding a toggle

@maia @ar I read on mobile, so not quite as easy :)

toggle would definitely be appreciated!

@maia @ar on mobile it just stays in the centre of the page, but is still cute

@[email protected] "upload a base64 encoded php webshell using the uploadPhoto endpoint" dang how does it feel to live in the 2000s rn? 😭 i wish i could earn any bug bounties with an upload bug lmaoo

@valpackett @maia Why did that use to be a problem anyway?

@[email protected] very cool, fun read! A few questions:
1. Is there anywhere else I can read these kinds of hack breakdowns? They're super interesting
2. In one of the vscode screenshots (when the php script is uploaded) there's "fuck3333" and "fuckNOOO". What are those from/what do they mean?
3. If I understand the hack right, on a server that runs php, simply uploading a PHP file automatically gives you the ability to run stuff (presumably permission levels that depend on the setup or smth)? Is that inherent to PHP? That's... horribly cursed, if so.

@[email protected] amazing! i was literally looking on ur site this morning to see if the new post was up lol, must've had foresight. <3!!!!!!