From 542bdbd8183bc4b580fc5949e19bbf9e6a3c2487 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Mon, 30 Jan 2023 05:43:46 +0000 Subject: Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c3cab54..925d2a6 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ This mod doesn't make you 100% safe, but it makes it much harder to steal your s ## Staying Safe In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar so it can load its protection before any other mods.
+You should also use [MultiMC](https://github.com/MultiMC/Launcher/) or one of its derivates [PolyMC](https://github.com/PolyMC/PolyMC) or [PrismLauncher](https://github.com/PrismLauncher/PrismLauncher), because they use launch Minecraft in a way that improves security.
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.
Don't login with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with [pandaninjas' GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key). -- cgit From 84ca260675d8166896a2c778358ee0dadaac9707 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Mon, 30 Jan 2023 05:44:05 +0000 Subject: Update SECURITY.md --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index d9d5e6d..ddb0c83 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,7 @@ Currently all versions are supported. | Version | Supported | | ------- | ------------------ | | 1.0.0 | ✔️ | +| Any nightly branch | ❌ | ## Reporting a Vulnerability -- cgit From 05dc984235b7da7db2ad2ef502468a8eddf4abfd Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Sat, 4 Feb 2023 02:40:52 +0000 Subject: Update SECURITY.md --- SECURITY.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index ddb0c83..7d9b630 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,22 +2,21 @@ ## Supported Versions -Currently all versions are supported. - -| Version | Supported | -| ------- | ------------------ | -| 1.0.0 | ✔️ | -| Any nightly branch | ❌ | +Currently, all releaswed versions are supported. +| Version | Supported | +|--------------------|-----------| +| 1.0.0 | ✔️ | +| Any nightly branch | ❌ | ## Reporting a Vulnerability A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.
Vulnerabilities that are out of scope are defined as those that NoSession itself cannot prevent. -However, if you can produce a patch for an out of scope vulnerability, a bug bounty will be awarded as well. +However, if you can produce a patch for an out-of-scope vulnerability, a bug bounty will be awarded as well. The bug bounty is a $5 USD Amazon Gift Card. I might run out, so it's awarded on a first come, first serve basis. -Report the bug bounty by emailing admin@malwarefight.gq or by sending a DM to PandaNinjas#3017 on Discord.
+Report the bug bounty by sending a DM to PandaNinjas#3017 on Discord.
If you would like, you can encrypt the message with my [public GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key)
Your bug bounty may be invalidated if you disclose it to the public before. -- cgit From 5c5a0a52bc7313bc1add24563b02018ae1cbe4a9 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Fri, 10 Feb 2023 18:41:17 +0000 Subject: Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 925d2a6..57750c5 100644 --- a/README.md +++ b/README.md @@ -23,3 +23,6 @@ See [SECURITY.md](SECURITY.md) ## Features - Does not break existing token login methods + +## Contributing +All pushes to the main branch *must* be signed with a GPG key. See https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key and https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account for how -- cgit
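Review bot: In the README.md hunk at @@ -9,6 +9,7 @@ (commit 542bdbd), the added MultiMC sentence never says what it is about the way these launchers start Minecraft that improves security, so a reader cannot judge the claim. Name the mechanism or link to where it is documented. The same line has two wording slips: "derivates" should be "derivatives", and "because they use launch Minecraft" should be "because they launch Minecraft". A "such as" before the PolyMC link would also make the list read correctly.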
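Review bot: In the SECURITY.md hunk at @@ -7,6 +7,7 @@ (commit 84ca260), the new "| Any nightly branch | ❌ |" row contradicts the unchanged sentence above the table, "Currently all versions are supported." Reword that sentence in the same change so it covers released versions only. The new cell is also wider than the "| ------- |" delimiter column, so the raw table no longer lines up.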
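Review bot: In the SECURITY.md hunk at @@ -2,22 +2,21 @@ (commit 05dc984), the added line "Currently, all releaswed versions are supported." has a typo: "releaswed" should be "released". Removing the email address leaves a Discord DM as the only reporting channel while the following line still offers GPG encryption, so say how an encrypted report should be delivered over that channel. Two unchanged lines in the same hunk are worth fixing while here: "Report the bug bounty" reads better as "Report the vulnerability", and the last line, "if you disclose it to the public before.", stops without saying before what.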
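Review bot: In the README.md hunk at @@ -23,3 +23,6 @@ (commit 5c5a0a5), the new Contributing line says "All pushes to the main branch *must* be signed", but both linked GitHub pages are about commit signature verification, so "All commits pushed to the main branch" would match what is being asked. The sentence also ends at "for how" with no object or period; finish it, for example "for how to set this up." It would help contributors to state how the requirement is enforced and what happens to an unsigned commit.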