vefdu.blogg.se

Bypassing tumblr login

Though the bit about the cloak I always found interesting. I’m leaning towards the “he turned into a Phoenix” angle myself, I don’t like the idea that the gods just “decided” to randomly grant him a reprieve and not Jason, especially with Trials of Apollo’s emphasis on agency more generally. It came out before Tower of Nero though: I think it’s pretty safe to say at this point that Frank didn’t lose his powers, it would’ve come up at the end of TON if he had (plus Frank doesn’t need to be nerfed.) I remember all the debate over Frank’s survival when Tyrant’s Tomb came out, this has a pretty good run-down of some different theories.

So today, I delve into the question we all want answered - is Frank Captain America? Is he King Arthur? Or is he in fact, the Phoenix King? Let’s explore. I pulled up the new version of the pre_tumblog.js file to see if the issue had been fixed, which it has. Frank’s tale in The Tyrant’s Tomb is one mixed with mystery that has had the fandom theorising since it occurred.

It had been nearly two months since I reported the issue, so I was quite surprised - I assumed they hadn't deemed the vulnerability major enough to warrant a bounty. This weekend I received an email from HackerOne informing me that Tumblr had awarded me a $100 bounty for the bug report. Tumblr has a security bug bounty program, and while my vulnerability didn't quite fit their requirements, this was a really easy way to submit the issue. I quickly wrote up a description of the issue and sent it off to Tumblr. It could have just as easily been transferred off to some malicious user's servers.

To my great displeasure, this worked - typing my password into the password input didn't cause any phishing alerts to pop up, and when I hit the sign in button, my password was alerted. I then bound the sign up button to call stealPasswords. I beautified that file, and found this snippet at the very front: I started investigating and found that Tumblr injects a javascript file in all of their user's sites, and that it gets loaded before any other scripts on the page. That's unnecessary, sounds like a bug, and creates a very terrible experience for the user. However, I was a little bothered about the user's report that the alert doesn't go away, even after they dismissed it. It wouldn't necessarily create a security issue for Waltz users (we log you in behind the scenes), but working around their alert would introduce a one-off hack, and also just felt like the wrong way to respond to Tumblr's good security principles. While it makes for a less-than-ideal experience for the user, I had no intention of bypassing Tumblr's anti-phishing tools. This is a great effort on Tumblr's part, and greatly reduces the phishing potential that came along with their services. Tumblr, recognizing the gem of a phishing attempt that their customizable subdomain'd user blogs created, had put in some javascript that would alert the user if it looked like they were falling victim to a phishing scam. This gave Waltz users the ability to login from an actual Tumblr blog, which is usually not allowed. One of Waltz's main features is the ability to login from any page - regardless if that page is actually a login page. Jesse pointed out that I was doing it wrong - the user was having trouble logging in from a user's blog. Well that's by far the weirdest bug report I've seen regarding Waltz! I putzed around for awhile on the Tumblr login page and wasn't able to recreate the issue, so I reached out to one of the other major Waltz contributors, Jesse Pollak.
This happens on the first keystroke in the password box and doesn't go away. Do you guys have a workaround or is that Tumblr's issue? Was trying to set up Waltz on Tumblr today, problem being whenever I go to enter my Tumblr password the website throws a pop up going "Oh holy flaming jesus never ever ever enter your tumblr password anywhere but on TUMBLR DOT COM". About two months ago, though, I got one that stood out - the subject line had "Tumblr" in it, which is odd because Waltz has supported Tumblr from the day it launched. We encourage people to send us requests of sites they'd like to use Waltz on, and people take us up on that request quite often.










