Thousands of Firefox users accidentally commit login cookies on GitHub
GitHub: 'Credentials exposed by our users are not in scope'
November 18, 2021
https://www.theregister.com/2021/11/18/firefox_cookies_github/
Wait a minute, I don't get it. So now cookies can be stolen which may result in account hijacking because somehow Firefox cookie databases were being uploaded to GitHub by the Firefox browser? Or did I misunderstand?
It's not the browser that uploaded the cookies. This is the result of user error. Read the article: (the 'cookies.sqlite' file is in a hidden directory on Linux/Unix systems)
OK thanks, so it was the user themselves that uploaded these files by mistake, probably because Linux/Unix makes it easy to make such blunders, see article. https://nakedsecurity.sophos.com/20...-of-firefox-cookie-files-uploaded-by-mistake/
If someone doesn't know of the existence of dot-files, this person shouldn't be using Linux. On my system, I have checked the option to always show these files/folders, because I regularly view or edit them.
When you think about that statement, one wonders what other private related gems are also included. On many Linux systems the cookies.sqlite file is located a couple of levels deep in another "dot-file" hidden directory. On my system it's ~/.mozilla/firefox/redacted/. Then there are the other hidden directories. I have 86 hidden "dot-file/directories" in my home directory. What other files/directories are being "committed" to GitHub? For example ~/.gnupg, that is scary to think about. Absolutely agree with I use GitHub, there is no way that any commits would contain anything from my home directory root. I cannot imagine anyone, until reading about this, would use GitHub to back up home. Anyone who does that, shouldn't be using GitHub.
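A check for the mistake discussed above, as an added example that is not part of any post in this thread: it lists the files tracked in a Git repository and flags the ones the thread names (`cookies.sqlite`, anything under `.mozilla` or `.gnupg`). Matching the `cookies.sqlite-wal`/`-shm` sidecar files by prefix and the function names are assumptions of this example.

```python
import subprocess
import sys
from pathlib import PurePosixPath

# File name named in the thread; prefix match also catches SQLite sidecar
# files such as cookies.sqlite-wal (assumption of this example).
SENSITIVE_PREFIXES = {"cookies.sqlite": "Firefox cookie database"}
# Hidden directories named in the thread.
SENSITIVE_DIRS = {".mozilla": "Firefox profile data", ".gnupg": "GnuPG home directory"}


def flag_paths(paths):
    """Return (path, reason) for every repo-relative path that looks sensitive."""
    findings = []
    for raw in paths:
        p = PurePosixPath(raw)
        reason = next((why for prefix, why in SENSITIVE_PREFIXES.items()
                       if p.name.startswith(prefix)), None)
        if reason is None:
            # Any parent directory component matching a sensitive dot-directory.
            reason = next((SENSITIVE_DIRS[part] for part in p.parts[:-1]
                           if part in SENSITIVE_DIRS), None)
        if reason:
            findings.append((raw, reason))
    return findings


def tracked_files(repo="."):
    """Paths in the repository index (tracked and staged files), NUL-separated."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True).stdout
    return [f.decode("utf-8", "surrogateescape") for f in out.split(b"\0") if f]


if __name__ == "__main__":
    repo = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = flag_paths(tracked_files(repo))
    for path, reason in hits:
        print(f"{path}: {reason}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a pre-commit hook block the commit
```

A flagged file that was already pushed stays in the repository history, so the session cookies or keys it held should be treated as exposed and revoked or rotated.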
I mean, you're not entirely wrong but... I find that Linux puts files in really weird places compared to Windows. Sure, there's no registry (I think?) but the spread of the average Linux program is just staggering.
Every GNU/Linux user started as a newbie. Anyway it is more of an issue of who is using Git/GitHub. Backing up directories to a publicly viewable repository that could be searched through GitHub's search engine is a process that must be thoughtfully prepared... Git is intended for professional developers (coding) and users with good knowledge about Linux directory structures and Unix conventions. For Windows it is usually three program-specific directories under hidden AppData folder, and AppData\Local\Temp, and C:\Windows\temp, and registry. I don't think many Linux programs spread their files under the hood over more than 4 distinct, hidden directories.
This^ When I first started using Linux many years ago, I was pleasantly surprised how straightforward the filesystem is organized. Program-specific directories for the user are mostly just '~/.program' and/or '~/.config/program' and sometimes '~/.cache/program'. True, but when I first started and explored the options of the file manager, I soon found out you could check the option to always show hidden files (did the same in Windows).
Well, I'll be damned. I never actually looked up what "opt" and stuff actually meant. Kind of stupid names, but ultimately they make sense.
BTW, have you ever looked at the hidden C:\ProgramData in Windows? This is the folder from which a lot of programs "forget" to delete stuff when uninstalled. Not to speak of the registry...