this post was submitted on 11 Mar 2025
Nicole [LOCKED]
Due to recent developments, we've had to lock down this community until further notice. For more information, please take a look at this post: https://feddit.org/post/10515288
Thank you for your understanding.
I thought so, too, but I switched to "Private Browsing"—which disables most of my extensions—and opened my inbox there, and there was the image. When I went back to my normal browser where the tab was still open, there was the image, too. So it just seemed like it took a very long time to load.
The image URL was
https://quokk.au/pictrs...
which is another Lemmy instance, and the message was from bogymanstout(at)quokk.au. So the image wasn't hosted externally to the Lemmiverse, so it can't really be a deanonymization attack like some people were theorizing. There's nothing else in the message. No tracking pixels or anything.
On the other hand, it's a very small instance with only 8 communities. The largest of which, world news, has almost 1,000 subscribers. Not impossible to be a fake instance designed for spying, but seems unlikely.
Update:
I just opened my inbox in a normal window again, and Firefox simply refuses to load that image in my inbox. I don't know why. It loads fine if I open that URL in a new tab.
I recently read an article that broke down a webp vulnerability that was being actively exploited. Which of course I can't find right now.
If I had access to my PC at the moment I'd pop open the image itself and see if I could find any odd strings anywhere inside of it. I'm sure someone better at this stuff than I could take a deeper dive into the image itself if so inclined.
The only webp exploits for which I can find articles are from 2023. Some new articles, but still about the 2023 exploit. Both in Chrome and in iOS.
The first step would be to see if the "PNG" file is actually a webp file. To see if what you're saying is plausible.
However, if there were a new, unpatched webp exploit, there's zero reason to spam users with DMs when you can just post the image in popular communities. It could be any image and there'd be no reason to keep sending images pretending to be a girl looking for friends.
It's the links in the image which are important to the attacker. Originally they weren't in the image and it was easy for admins to filter them out, so the attacker took the time to embed them in the image. This points to traditional catfishing and pig butchering as the attack.
Then again they could be playing 4D chess and masquerading the real attack as simple catfishing.
Update
Oh. My. God.
Byte 0x000cbb7f contains the word "Cum"! They're trying to poison our minds!
It's just a normal PNG file.
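The two checks discussed in the comments above (is a ".png" really a PNG or a WebP, and does it carry odd strings or extra data) can be scripted. This is an added example, not code posted by anyone in the thread; the function names and the sample bytes are constructed for illustration, and it only reads bytes, never decodes pixels.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def sniff_format(data):
    """Identify the container from its magic bytes, ignoring the file name."""
    if data.startswith(PNG_SIG):
        return "png"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    return "unknown"

def png_report(data):
    """Walk PNG chunks; flag CRC mismatches and any bytes after IEND."""
    pos, chunks, bad_crc = len(PNG_SIG), [], []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):  # truncated chunk: stop, "complete" stays False
            break
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        chunks.append(ctype.decode("latin-1"))
        if zlib.crc32(ctype + body) != crc:
            bad_crc.append(chunks[-1])
        pos = end
        if ctype == b"IEND":
            break
    return {"chunks": chunks, "bad_crc": bad_crc,
            "complete": chunks[-1:] == ["IEND"], "trailing_bytes": len(data) - pos}

def printable_strings(data, min_len=6):
    """Like strings(1): (offset, text) for each run of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, data)]

def _chunk(ctype, body):
    """Build one PNG chunk (used only for the constructed sample below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a valid 1x1 grayscale PNG, and the header of a WebP file.
SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
SAMPLE_WEBP = b"RIFF" + struct.pack("<I", 4) + b"WEBP"
```

On a downloaded file, read it with `open(path, "rb").read()` and pass the bytes to the three functions; a clean PNG reports `complete` true, an empty `bad_crc` list and zero `trailing_bytes`.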
Thanks for the insight.
The article I read was recent - within the last week or so. Maddening that I can't find it again. Should have bookmarked it.
Anyway, that all scans. Figured it was a possibility even if it wasn't likely.