# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 9
# self = https://watcher.sour.is/conv/d5sj7ba
@slashdot wait, why in the fuck does John Deere have maps to customers equipment?! 😳 😱 🤦♂️
What’s funny is this comment:
> so basically "hacker" found a form that returns "account already registered" - and that is the whole basis of self promoting PR stunt? "A username enumeration vulnerability in the John Deere Web Portal (myjohndeere) sign-up form allows an unauthenticated remote attacker to submit unlimited requests, resulting in potential mass username enumeration. ... with no observable rate-limit."
Well, I know John Deere is anti-right-to-repair. Take the same people, add in nonfree JavaScript, unnecessary accounts on a web service because you own a tractor or something, and assorted forms of tracking, and you get this.
Seriously, though, I really don't know how username enumeration like this leads to locations of users.
I _guess_ with all this "cloud" nonsense and scalability, maybe the form was just put in place with no consideration whatsoever for rate-limiting, but they let the service(s) "auto scale" to a point where you _could_ easily enumerate many 10s of thousands of entries/requests? i.e.: distributed attack?