From 3fdf4b63545037be0d436ae8c0d7261c1d540931 Mon Sep 17 00:00:00 2001 From: Adi Rabinovich Date: Sat, 7 Sep 2024 17:35:16 -0400 Subject: [PATCH] Quick security post this weekend. --- content/posts/2024-tiktok-security-hole-schoker/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/2024-tiktok-security-hole-schoker/index.md b/content/posts/2024-tiktok-security-hole-schoker/index.md index 2a3a965..f52b692 100644 --- a/content/posts/2024-tiktok-security-hole-schoker/index.md +++ b/content/posts/2024-tiktok-security-hole-schoker/index.md @@ -36,7 +36,7 @@ Some more details on this common vulnerability - their login API (/send_code) di The sad reality is that most email accounts quickly get found out via all kinds of hacks and leaks, and end up on dark-web for sale mostly to spammers and hackers. Interestingly there was a challenge attempted by TikTok initially - showing puzzles to verify if I am human. However simply cancelling the puzzle few times convinced them somehow not to show it any more. -It is also very possible that there is rate limiter setup in front of the API - however this also offers limited protection as slower rate of requests may not trigger it, and attack by randomizing source IP should also confuse it. +It is also very possible that there is a rate limiter setup in front of the API - however this also offers limited protection as slower rate of requests may not trigger it, and attack by randomizing source IP also likely to confuse it. ## Recent related Squarespace hack
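Review bot: The replacement line in the `@@ -36,7 +36,7 @@` hunk still has a grammar gap: "attack by randomizing source IP also likely to confuse it" has no verb, and "rate limiter setup" should read "rate limiter set up". Suggest "and an attack that randomizes its source IP is also likely to confuse it". Since the sentence argues that throttling by request rate and source IP gives limited protection for /send_code, it would also help to say what the limiter could be keyed on instead, for example the target account, so the reader is left with a mitigation and not only the weakness. The subject line "Quick security post this weekend." does not describe this one-line wording fix; a subject that names the change would make the history easier to follow.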