cool ! I am using Hews, but I might switch to this.
fox
joined 1 year ago
this made me realize one of the things I like about the old design is how many posts you can see at a glance.
yup pretty sure
$ cat /etc/passwd
fox:hunter2:1000:1000::/home/fox:/usr/bin/zsh
😉
you don't need to be root to read /etc/passwd
However, the two Jumpsec Red Team members found that they could go around the restriction by changing the internal and external recipient ID in the POST request of a message, thus fooling the system into treating an external user as an internal one.
so they only do the check on client side. classic.
yes, I just found this out recently ! privacy guides have a section on this: https://www.privacyguides.org/en/dns/#android