You can set clipboard.autocopy to false in about:config to disable this. It breaks the example, at least.
EDIT: I thought the behavior was preserved for textareas, as the comment box here still copied on select. But it suddenly disabled it here too. Restarting the browser is probably a safe bet :)
I should say, doing this only mitigates the middle-click-paste pastejack exploit. The underlying issue - JAVASCRIPT CAN ALTER WHAT YOU HAVE SELECTED AT WILL AND WITHOUT DETECTION - remains, and I believe we'll see other exploits pop up from this.
Say you're about to copy a crypto wallet. You have it selected, and are about to press CTRL-C to copy it. It is entirely possible for malicious code to detect that. And, as it turns out, it's possible for it to change the selection to a different (invisible) string, right as you press CTRL-C.
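A receiving-side check for the scenario in the comment above, as an added example that is not part of the original comment: before clipboard text reaches a shell or a payment field, compare it with what was visible on the page and flag characters that cannot be seen. The function names, rule list and sample strings are assumptions constructed for illustration.

```javascript
// Added example: rule ids and sample strings are constructed, not from the original comment.
const CHECKS = [
  // A newline makes a shell run the pasted line without waiting for Enter.
  { id: "newline", re: /[\r\n]/ },
  // Other C0 controls and DEL (ESC, backspace, ...) can change what a terminal displays.
  // Tab is deliberately allowed here.
  { id: "control-char", re: /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/ },
  // Zero-width characters and bidi controls are invisible or reorder the displayed text.
  { id: "invisible-unicode", re: /[\u200b-\u200f\u202a-\u202e\u2060-\u2069\ufeff]/ },
];

// Return the ids of every rule the clipboard text trips.
function inspectClipboardText(text) {
  return CHECKS.filter((c) => c.re.test(text)).map((c) => c.id);
}

// Compare what was visible when selecting with what the clipboard actually holds.
function reviewPaste(seenOnPage, clipboardText) {
  const findings = inspectClipboardText(clipboardText);
  const changed = clipboardText.normalize("NFC") !== seenOnPage.normalize("NFC");
  return { ok: findings.length === 0 && !changed, findings, changed };
}

// Constructed samples: [text the user saw, text that ended up in the clipboard].
const SAMPLES = [
  ["echo hello", "echo hello"],
  ["echo hello", "echo something-else\n"],
  ["EXAMPLE-ADDRESS-A", "EXAMPLE-ADDRESS-B"],
  ["EXAMPLE-ADDRESS-A", "EXAMPLE-\u200bADDRESS-A"],
];

for (const [seen, clip] of SAMPLES) {
  console.log(JSON.stringify(clip), reviewPaste(seen, clip));
}
```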
The cause of ADHD has not been confirmed yet, but it is generally claimed to be related to dopamine production and uptake.
I certainly had ADHD before being exposed to work environments. I've had it my entire life. But it wasn't until I got my diagnosis, and started taking medication for it, that my square-peg of an existence began to fit in with the round-hole of reality.
Work environments have nothing to do with it for me. In fact, I love my job. Here, my ADHD is something of a benefit. I've excelled at everything I have found enjoyable, and have no qualms with working insane crunch on the stuff I like.
The key word there being like. If I don't like doing it, it's practically impossible for me to do. Or rather, if it's mundane or otherwise just "not interesting", I struggle. Strangely enough, I have an easier time accomplishing things I actively dislike doing. Not sure why.
It's like my body is controlled by an autopilot gone rogue, and the medication helps me override it.
For example, I have trouble going to the bathroom to take a piss. Not because of any phobia or anything. I just can't. Literally. I'll sit and squirm until I'm about to piss myself, and only then will I go to the bathroom. Been doing that since I was a little kid.
One way around it is to trick myself somehow, like by putting on a podcast, even though I'll only hear like 20 seconds of it. Couldn't do that as a kid, tho. Back then, I would wait until it became physically painful, because only then would my rogue autopilot allow me to go piss.
Doing laundry? Impossible. Vacuuming? No. Washing dishes? Well, now I have a dishwasher, but emptying it? No way.
That is, unless I take my medication (methylphenidate). It doesn't make mundane things any less mundane. It's still boring to brush my teeth and piss. It just makes it possible.
I didn't get my diagnosis until I was 28. My entire life I've been struggling with this. It's a primary factor in my lifelong battle with depression. It's led me down a path of substance abuse — alcohol and cocaine in particular.
Despite all of this, I still second-guess myself on whether I truly have ADHD. What if I'm just a drug addict, and I just tricked a psychiatrist into giving me those sweet sweet drugs?
There are varying degrees of ADHD, and indeed some require medication. My comment is more against having medication as a default solution. Obviously poorly phrased as it may have offended someone, and I apologise for that. Also thank you for your comment, it does help me better understand the topic.
Judging from experiences of mine and my friends, it may be less about "varying degrees of ADHD" and more about "varying degrees of coping mechanisms one has managed to develop through their life".
If you don't need to spend significant amounts of energy on a daily basis to cope with your ADHD (successfully or not), do you have ADHD at all?
Certainly an interesting question. I was told by two people that have it that I do, and by a psychologist that I clearly don't. But I do know that I have symptoms. So the question is rather spot on. Unless you "you don't need to spend significant amounts of energy" do you actually have it? Can it be that the symptoms are caused by something else?
And that brings me back to my initial poorly worded comment. Whereby my worry is that some may be too happy to prescribe medication where it's not needed, as opposed to focusing on removing the factors that cause so many people to have symptoms of various traits that they don't actually enjoy. I am just worried that we rely too much on sedating folks just to numb them as a first resort simply because our work patterns and habits are toxic to varying degrees overall.
One important thing to note is that before you do your research, you have no idea how much the effort you need to spend compares to anyone else. For most of my life I was pretty sure that everyone's mind worked like mine.
Also, it's hard enough to get ADHD meds even if you genuinely need them to function that I'm not worried about people ending up overmedicated at all. I'd rather see meds becoming easier to obtain, since people who actually need them suffer from the obstacles meant to stop people who don't the most.
Maybe not intentionally, but a basically-dormant company like Apple Records could very well provide a really attractive attack vector. Their security is probably going to be orders of magnitude worse than Apple Music, so why not just hack Apple Records instead?
Registering a domain and hosting a phishing website usually comes at a small price (around 10$) which is just 1% of the VMC (I just learned that).
“Expensive” is very subjective, I think it highly depends on the financial standard of the actor and the expected value.
In the case of Apple: if it is expected to aid in phishing an interesting iCloud user, or scamming 100 users for 10$, then I expect that there will be actors that will pay this initial cost to make more later on.
I agree that the classic mass-mail LQ phish actors would probably not go here, but the same holds for smaller organizations. With the current price-tag, end users then still have to trust non-BIMI and BIMI verified e-mails daily.
That seems to leave plenty of room for phishing. Also, if VMC prices drop, it will also attract more phish actors.
Though I see your point, I do not think that a financial bar is effectively combatting phishing.
I do not know how valid the paper trail concern is; I haven’t gone through the VMC procedure(s).
You don't just need the VMC itself, you have to get a registered trademark, which is also probably up there in the thousands.
> I do not know how valid the paper trail concern is; I haven’t gone through the VMC procedure(s).
You can currently steal a credit card, lie to a registrar and start your phishing campaign. Having to have a legal entity for a phish paints a nice target on your back.
I haven’t been through the trademarking process myself, but I would assume that a LOT of them exist.
Would it be possible to register a trademark that looks similar to another company’s and impersonate them? I can’t imagine the process would be 100% effective.
Sure the company would probably notice pretty quickly, but not before you’ve spear phished a couple clients.
My first internship was as a Dynamics AX dev. Me and another guy. Our mentor was a super-duper senior architect something something. He once asked us what we were planning on doing, career-wise, and we were kinda surprised; obviously we were working towards becoming Dynamics AX devs, and were hoping for a job at that place.
He got a somewhat wistful look in his eyes, and said (more to himself than to us) he wished he could go back and choose not to do that.
I'll never forget that. He was earning an insane amount of money, working super high-level at one of the largest IT firms in the country.
I think a lot of ERP stuff is like that - pays well but few people regard it as fun - not least of which is that you end up with knowledge of very niche technologies that don't really progress very rapidly.
Edit: Mind you for job security and cash generating potential they can be pretty good - years ago I knew of people on £3000 a day in the UK working on very niche financial systems - but you basically had to have a lot of domain knowledge (financial consolidation) and decent development skills.
Honestly, I do mostly web development and unless you're really interested in the product (which is far from a given) why do you care if it's an ERP or ecommerce or some travel application?
My guess: If you are implementing any type of software, you usually see a UI, input and output. For SAP and ERP you can also have this.
But it's really ugly, messy, and you might have to implement 5 corner cases of what the German government has thought of to complicate the lives of everyone in regards to capital gains taxes in combination with church taxes, in a year in which you got married but one of the two left the church the same year. Oh, and what if you also got a kid that year and moved cities? And during implementation there is another law passed to change stuff?
In other words: So out of the world that no one finds it interesting anymore :D
I've used it for resources that have been permanently deleted, rather than the 404 that you'll usually see. I think it makes sense for that sort of stuff.
From a user perspective, getting a 404 after following a link that previously worked can indicate a couple of things. Like maybe the resource still exists in some other place, but they didn't set up redirects. Maybe it's been "privated" in some way, and I no longer have access to it.
A 410 makes it explicitly clear to me, that the resource has been permanently deleted. It'd also be nice if the response included some metadata as to when the resource was deleted.
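The three cases the comment above distinguishes (moved, made private, permanently deleted), as an added example that is not part of the original comment: a resolver that answers with a redirect, a 404, or a 410 carrying the deletion time. The paths, dates, field names and the choice to answer 404 for private items are assumptions made for illustration.

```javascript
// Added example with constructed data; paths, dates and field names are assumptions.
const live = new Map([
  ["/posts/1", { title: "Public post", owner: "alice", isPrivate: false }],
  ["/posts/3", { title: "Draft", owner: "alice", isPrivate: true }],
]);
const moved = new Map([["/old/posts/1", "/posts/1"]]);
// Tombstones are kept after deletion so the server can still say when it happened.
const tombstones = new Map([["/posts/2", { deletedAt: "2021-03-04T10:00:00Z" }]]);

// Decide the response for a path and an already-authenticated user name (or null).
function resolve(path, user) {
  if (moved.has(path)) {
    // The resource lives elsewhere: redirect instead of leaving a dead link.
    return { status: 308, headers: { Location: moved.get(path) }, body: null };
  }
  const tomb = tombstones.get(path);
  if (tomb) {
    // 410: permanently deleted, with the deletion time as metadata.
    return { status: 410, headers: {}, body: { error: "gone", deleted_at: tomb.deletedAt } };
  }
  const item = live.get(path);
  // Design choice in this sketch: private items answer 404 to everyone but the
  // owner, so the response does not reveal that the resource exists.
  if (!item || (item.isPrivate && item.owner !== user)) {
    return { status: 404, headers: {}, body: { error: "not found" } };
  }
  return { status: 200, headers: {}, body: { title: item.title } };
}

// Adapter with the (req, res) shape that Node's http.createServer expects.
// Authentication is out of scope here, so every caller is treated as anonymous.
function handler(req, res) {
  const { pathname } = new URL(req.url, "http://localhost");
  const r = resolve(pathname, null);
  res.writeHead(r.status, { "Content-Type": "application/json", ...r.headers });
  res.end(r.body ? JSON.stringify(r.body) : "");
}
```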
It's copy that's an exploit vector.
To disable it, set clipboard.autocopy to false.