“Attackers, Trellix wrote, use the platform’s webhooks to pull data from victims’ computers and drop it into Discord channels run by the attackers.”

  • KairuByte@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    91
    ·
    1 year ago

    This is… annoying. I get the intent for malware, but honestly it’s a BS reason. The content will just be uploaded elsewhere. But what this will do is drastically lower their storage cost under the guise of… not even user safety, more “slightly inconveniencing malware writers.”

    • LufyCZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Yes, it’ll be uploaded elsewhere. That’s the whole point.

      Discord doesn’t want to host any of this data, they don’t want to be connected to criminal activity. It makes sense.

      Also, while it might slightly lower their storage costs (if the hackers move elsewhere), if you send a file to someone, it’ll still stay on Discord’s servers. Only difference is the link to said file - it’ll only be valid for a day, and then you’ll have to use a new one (in a way that’s probably transparent to the user)

      • Solar Bear@slrpnk.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        The goal here is to make it difficult to link to things uploaded to discord from outside of discord. The malware reason is BS. If they wanted to curb malware it would be as easy as making it a nitro feature. What that doesn’t fix is all the people piggybacking on discord as a free CDN.

        Discord isn’t even wrong for doing this. I just resent their dishonesty.

        • LufyCZ@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Not sure rolling it into Nitro would be worth the effort, I’d consider that quite complex personally

  • Dandroid@dandroid.app
    link
    fedilink
    English
    arrow-up
    68
    ·
    1 year ago

    I wonder if McAfee changing their name to Trellix to escape how much the general public hates them will work better than Comcast rebranding as Xfinity.

    • SheeEttin@lemmy.world
      link
      fedilink
      English
      arrow-up
      40
      ·
      1 year ago

      The general public doesn’t hate McAfee that much, so I’d bet it’ll work. Heck, I work in IT and I didn’t even know about the rebrand (mostly because I engage with McAfee as little as possible).

          • Scrubbles@poptalk.scrubbles.tech
            link
            fedilink
            English
            arrow-up
            7
            ·
            1 year ago

            Yes, but I like this because it ingrains in people’s heads that when they hear Trelix they should think McAfee, to make that connection. Like with Xfinity, they don’t want that connection made, they want people thinking “Oh I don’t have that crappy Comcast service, I have Xfinity”. I’ll be saying it this way to show people that they’re the same thing

  • Chewy@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    It’s an annoying change for anyone using discord to share files outside of it’s closed platform but doesn’t affect most people.

    I wonder whether bridges for matrix have to be fixed or if they’re already editing messages bridged to matrix to the new url.

    • deadcade@lemmy.deadca.de
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Depends on how it’s implemented. Anyone using a “media proxy” will see their discord bridged media probably fail to load (outside of possible caches) after a day. Anyone who has their bridge configured to reupload discord media to their homeserver should see no change.

  • ndguardian@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Honestly, I’m okay with this at least until they fix the fact that all shared files are accessible without authentication. Granted, you still had to get the link before downloading an uploaded file, but the fact that there was no authentication required to download a file uploaded to Discord was pretty surprising.

    • computergeek125@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It’s probably also way cheaper to do it that way. As far as I could tell when I checked in on it some time ago, most of the content goes through a Cloudflare proxy straight to a GCP S3-compatible bucket.

    • LufyCZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What is a password? A string of characters. What is a link? A string of characters.

      If you make it long enough, it’ll be impossible to guess one.

      Your files are safe