1. I create a well crafted post to a normal site that gets 10.000 upvotes.

  2. I change the URL to a malicious site.

  3. ???

  4. Profit

  • Salamander@mander.xyz
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    It makes it a little bit easier to do, but it is not difficult to replicate this effect without changing the URL in the title - using a redirected URL and changing the redirect address, for example.

    I think that this small increase in the way this kind of attack can be delivered is more than counter-balanced by the convenience of having editable titles.

    • morrowind
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Most subreddits also blocked redirect links for (partially) reason.

      • Salamander@mander.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        You don’t need to use a known redirect link. If the plan begins with a post that obtains 10,000 likes, I am sure the attacker can spend a small amount of effort and register a domain.

        • deweydecibel@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Surely you don’t think that’s equivalent to a simple 5 second copy paste of a new URL into the textbox, right?

          And it’s not just about attack vectors, it’s also about stealth ads and misinformation

          • Cinner@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            I’m not sure what you’re getting at but he’s right, it’s incredibly simple to setup a new redirect site.