Fake, but entirely possible.
Also I'm creating #mediumbutrare for those rare Medium posts that don't suck.
i just helped wikipedia people find some template vandalism where the guy redirected them so when you click anywhere on the page it'd link to his youtube page (look at the logs) and it reminded me a lot of this
"Any site that includes third party code is drearily vulnerable in a myriad of detectable, undetectable, expected, unexpected, testable, untestable and downright random ways," said the 1 in 4 websites on the Internet running Wordpress. We found a damn bitcoin miner running on ours a few years back. And when fucking Equifax leaks the data for like half of the United States it's really hard to get all pantytwisted over "ZOMG don't run third party packages they might steal your data!"
My goal (as it turns out) is simply to point out that any site that includes third party code is alarmingly vulnerable, in a completely undetectable way.
I was with it until he got to the bit about pen testers: 7am to 7pm where? Is there any basis for the conclusion that no pen testers work on off-hours, or that none live in a different time zone from whichever one he's using? I also find it difficult to believe that the detection methods he describes are the only ones available. This also presumes that you're putting your credit card info into a site that uses nodeJS to begin with. Especially because this issue, i.e. the lack of verification on npm packages, has been known about for years. I mean, I read about it years ago, and I'm hardly on the cutting edge of network security.
What hours do they work? My code doesn’t send anything between 7am and 7pm. It halves my haul, but 95% reduces my chances of getting caught.
fools! with my invisibility incantation, i can steal your most precious treasures without detection by your magical wards! wahaha!