Discuss Scratch

herohamp
Scratcher
1000+ posts

ocular - scratch forum info

Jeffalo wrote:

slgsan-encrypted wrote:

herohamp wrote:

CST1229 wrote:

herohamp wrote:

THE PRIVATE CODE BEING EXPOSED IN THAT MANNER IS NOT A SECURITY FLAW AS WE’VE GONE OVER.
It is if it redirects to a website that sends it to a server. (But not really a true security flaw I think)
It is not since the patch where the final server authenticating can get what the original redirect was and verify it.
Okay, thanks! And I told jeffalo about the patch for the redirect vuln (it is a vuln, e.g. YouTube doesn't leak your password when you get redirected) and I hope he patches it.
1. i have already worked with hampton to patch the bug in ocular.
2. your private code is not a password. it's useless unless the redirect location was ocular.jeffalo.net, so you can't intercept it with a redirect to your website.
3. it feels like you're already aware that the bug is patched, and you're still trying to get attention from it. (i feel this way because we've both explained to you that the bug is fixed but you keep making posts like this)
It’s well understood they have no clue what’s happening now that they’ve compared the private code to a password.
dertermenter
Scratcher
1000+ posts

Ocular has been broken for a week.. anything I can do on my end to fix it?
CST1229
Scratcher
1000+ posts

god286 wrote:

Chiroyce wrote:

Also love the new UI!!
I think it was a PR made months ago that was just merged now.
I think that they were referring to the FluffyScratch Scratch project UI, in that case it's not a PR. herohamp updated it a while back.
Remember when it was Scratch Cat on a space background?
Jeffalo
Scratcher
1000+ posts

dertermenter wrote:

Ocular has been broken for a week.. anything I can do on my end to fix it?
i believe search is frozen if that's what you mean. - that's out of my control
herohamp
Scratcher
1000+ posts

slgsan-encrypted wrote:

herohamp wrote:

Jeffalo wrote:

slgsan-encrypted wrote:

herohamp wrote:

CST1229 wrote:

herohamp wrote:

THE PRIVATE CODE BEING EXPOSED IN THAT MANNER IS NOT A SECURITY FLAW AS WE’VE GONE OVER.
It is if it redirects to a website that sends it to a server. (But not really a true security flaw I think)
It is not since the patch where the final server authenticating can get what the original redirect was and verify it.
Okay, thanks! And I told jeffalo about the patch for the redirect vuln (it is a vuln, e.g. YouTube doesn't leak your password when you get redirected) and I hope he patches it.
1. i have already worked with hampton to patch the bug in ocular.
2. your private code is not a password. it's useless unless the redirect location was ocular.jeffalo.net, so you can't intercept it with a redirect to your website.
3. it feels like you're already aware that the bug is patched, and you're still trying to get attention from it. (i feel this way because we've both explained to you that the bug is fixed but you keep making posts like this)
It’s well understood they have no clue what’s happening now that they’ve compared the private code to a password.
Ok, sorry, I didn't know it was fixed.
Btw The private key is still visible on redirects, but it being seen is NOT a vuln
dertermenter
Scratcher
1000+ posts

Jeffalo wrote:

dertermenter wrote:

Ocular has been broken for a week.. anything I can do on my end to fix it?
I believe search is frozen if that's what you mean. - that's out of my control
Yeah, that's what's broken for me, oh well

IT HAS BEEN FIXED!!!

Last edited by dertermenter (Dec. 17, 2021 14:47:29)

herohamp
Scratcher
1000+ posts

slgsan-encrypted wrote:

herohamp wrote:

Btw The private key is still visible on redirects
Then it is public code not private code LOL
It's still private. Did you know that when you log into a website your password is visible in plaintext if you check the POST data? It would be no different if we sent it in POST data. And if you argue HTTPS protects the password in POST data (which it does from MITM), HTTPS also protects data included in HTTP query parameters.

Last edited by herohamp (Dec. 17, 2021 20:54:09)
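
The check discussed in the posts above (the site receiving the private code asks the auth server which redirect the code was issued for, and rejects it unless that redirect points back to itself), as an added example that is not part of any post in this thread and is not Ocular's or FluffyScratch's code. `AuthService`, `issue`, `verify`, `login` and the sample redirect URLs are hypothetical names and constructed values.

```javascript
// Added illustration; AuthService is a hypothetical in-memory stand-in,
// not FluffyScratch's or Ocular's real code or API.
const nodeCrypto = require("node:crypto");

class AuthService {
  constructor() {
    this.codes = new Map(); // privateCode -> { username, redirect }
  }

  // Issued after the user proves account ownership; the redirect the login
  // was started with is recorded next to the code.
  issue(username, redirect) {
    const privateCode = nodeCrypto.randomBytes(16).toString("hex");
    this.codes.set(privateCode, { username, redirect });
    return privateCode;
  }

  // Server-to-server lookup made by the site that received the code.
  verify(privateCode) {
    const rec = this.codes.get(privateCode);
    return rec ? { valid: true, ...rec } : { valid: false };
  }
}

const EXPECTED_ORIGIN = "https://ocular.jeffalo.net";

// Relying-site check: accept the code only if it was issued for a redirect
// back to this site. Compare parsed origins, not string prefixes, so a
// lookalike host such as ocular.jeffalo.net.example.test does not pass.
function login(auth, privateCode) {
  const res = auth.verify(privateCode);
  if (!res.valid) return { ok: false, reason: "unknown code" };
  let origin;
  try {
    origin = new URL(res.redirect).origin;
  } catch {
    return { ok: false, reason: "unparseable redirect" };
  }
  if (origin !== EXPECTED_ORIGIN) return { ok: false, reason: "redirect mismatch" };
  return { ok: true, username: res.username };
}

// Constructed sample logins (paths and the non-ocular hosts are made up).
const auth = new AuthService();
const good = auth.issue("alice", "https://ocular.jeffalo.net/confirm-login");
const other = auth.issue("alice", "https://other-site.example/collect");
const lookalike = auth.issue("alice", "https://ocular.jeffalo.net.example.test/x");
console.log(login(auth, good), login(auth, other), login(auth, lookalike));
```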

TurtleLegos
Scratcher
1000+ posts

slgsan-encrypted wrote:

TurtleLegos wrote:

slgsan-encrypted wrote:

Please check this:
https://scratch.mit.edu/discuss/topic/565800/
and fix the vuln!
Dude. You have posted on Herohamp and Jeffalo's profiles. You made a project about it then (partially using common sense), made your own topic, and now you post here? If you know so much about cybersecurity, you probably know not to publicly announce vulns. It's like me saying that I love anime one day, (I totally do) but then I say, “I DON'T WATCH ANIME!” It doesn't make any sense.
Bro, this is now sorted out, they didn't take it seriously, so I thought it is not severe, but I will demo my concept and I hope everyone will know better then.
Chill. It wasn't “sorted out” when I posted.
VeryFamus
Scratcher
1000+ posts

I found an Ocular bug (not sure if this happens for others, but) basically when you create an account, everyone’s post count is set to “0+”. Could you fix this?

Last edited by VeryFamus (Dec. 23, 2021 03:55:13)

Jeffalo
Scratcher
1000+ posts

VeryFamus wrote:

I found an Ocular bug (not sure if this happens for others, but) basically when you create an account, everyone’s post count is set to “0+”. Could you fix this?

Wowie king of the 152nd page
i think this is just a bug with scratchdb right now. it is currently under maintenance.
VeryFamus
Scratcher
1000+ posts

Jeffalo wrote:

VeryFamus wrote:

I found an Ocular bug (not sure if this happens for others, but) basically when you create an account, everyone’s post count is set to “0+”. Could you fix this?

Wowie king of the 152nd page
i think this is just a bug with scratchdb right now. it is currently under maintenance.
Ok, thanks!
brourbeinsus
Scratcher
100+ posts

Me when the google images:


Edit: I just looked up brourbeinsus and found this what

Last edited by brourbeinsus (Dec. 23, 2021 03:52:56)

TurtleLegos
Scratcher
1000+ posts

brourbeinsus wrote:

Me when the google images:


Edit: I just looked up brourbeinsus and found this what
cursed
Jeffalo
Scratcher
1000+ posts

a little downtime
ScolderCreations
Scratcher
1000+ posts

Jeffalo wrote:

a little downtime
we do a little downtime
Jeffalo
Scratcher
1000+ posts

Jeffalo wrote:

a little downtime
nothing better than some late night christmas eve package upgrades

Last edited by Jeffalo (Dec. 24, 2021 22:34:14)

Chiroyce
Scratcher
1000+ posts

Jeffalo wrote:

Jeffalo wrote:

a little downtime
nothing better than some late night christmas eve package upgrades


So I guess…. Merry Christmas!!!
mybearworld
Scratcher
1000+ posts

this is white now? is this intentional?
Chiroyce
Scratcher
1000+ posts

mybearworld wrote:

this is white now? is this intentional?
Looks like it depends on browser

me on Firefox with macOS

CST1229
Scratcher
1000+ posts

Chiroyce wrote:

(#3021)

mybearworld wrote:

this is white now? is this intentional?
Looks like it depends on browser

me on Firefox with macOS

It's specifically a horrible Chrome feature where bold text makes emojis be black and white.
