this post was submitted on 28 Feb 2024
994 points (97.3% liked)

Memes

8400 readers
410 users here now

Post memes here.

A meme is an idea, behavior, or style that spreads by means of imitation from person to person within a culture and often carries symbolic meaning representing a particular phenomenon or theme.

An Internet meme or meme, is a cultural item that is spread via the Internet, often through social media platforms. The name is by the concept of memes proposed by Richard Dawkins in 1972. Internet memes can take various forms, such as images, videos, GIFs, and various other viral sensations.


Laittakaa meemejä tänne.

founded 2 years ago
MODERATORS
 

(skeletor is leading by example by adding that unnecessary apostrophe...)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 30 points 9 months ago (1 children)

Sure, but the comic isn't talking about legit password usage systems. It's talking about how a comma could break the csv formatting of a csv file that came from a data breach and dump.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

That's still not how it would work.

Ok, assuming that we're talking about, like you say, a system that gets a breach which is storing PWs in clear text/plain text, instead of hashing it, which is a big if as those kinds of systems are either amateur/homebrew, or extinct at this point, but I digress. Let's say it's there.

The attacker would run a sanitization script out of the SQL table that would shift those problem characters into proxy characters, or correct them if it's going to cause a problem. One or two passwords lost to correct for thousands isn't a big deal. The result of trying to put some sort of SQL Injection or CSV formatting bug into your password, hoping it was stored as plaintext, and the attacker wouldn't be sanitizing the common formatting issues, is just silly.

Plus, it's not like they're only exporting it once. They've usually copied the DB down locally, so they'll see the formatting is skewed when parsing the CSV, and correct it on the next export out.

I'm all for the humor here, I was just calling out that nothing about the ideas the OP suggested would work in real life SecOps scenarios.

Souce: Am engineer at large corporation. Deal with scenarios and systems like this all the time.

Edit: People are downvoting this, seemingly because they don't like that the answer makes the OP's joke less funny and pretty unlikely. This is why it's difficult and frustrating to have these kinds of conversations on Lemmy or reddit. I am an expert. I responded with additional information to correct some misunderstandings. It gets down voted because...?