HackerTrans
TopNewTrendsCommentsPastAskShowJobs

itscrush

no profile record

comments

itscrush
·قبل 4 أشهر·discuss
Usually through service accounts. Those are single factor.
itscrush
·قبل 10 أشهر·discuss
Monetize first is their strategy given this included statement:

> Our future plans include letting you save a secure backup archive to the location of your choosing
itscrush
·قبل 12 شهرًا·discuss
Looks like AdGuard allows for same, thanks for mentioning dnsmasq support! I overlooked it on setup.
itscrush
·السنة الماضية·discuss
Certainly doable, grapheneOS has it https://grapheneos.org/features#duress.
itscrush
·السنة الماضية·discuss
Wrong. Their profile clearly states high school teacher. Why assume?
itscrush
·السنة الماضية·discuss
Wiz is closer to the CNAPP field instead of the software composition analysis tools you mention, Snyk would fit here for SCA.

Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.
itscrush
·السنة الماضية·discuss
Wiz uses various API's via read access in your accounts/orgs/subscriptions to assess risk of configuration.

They also snapshot your disks, cloning them to Wiz accounts to provide secrets scanning / vuln scanning / etc against your infra.

These resulting risks / findings are scored and provided in their SAAS Wiz console via dashboards / APIs / integrations with remediation guidance.
itscrush
·السنة الماضية·discuss
Yes folks do and I can't understand it either. Have asked / talked through their rationale but frankly humans are irrational is my clear takeaway. I experience it mostly when folks are prompting search in family settings. These usually overlap with the no-earbuds watch-videos crowd while others are reading / napping, etc.
itscrush
·السنة الماضية·discuss
Certainly not the UK, they're spearheading much of the privacy problem.
itscrush
·السنة الماضية·discuss
Bitwarden for usability. Vaultwarden if you can and prefer to self host. Being on the internet you'll have to trust someone at some point. Can reduce risk by combining strong 2FA (not SMS/Email) alongside backing up your vault.

Ensure all your passwords get reset at some point after vaulting, long randomly generated from Bitwarden extension/app is easy enough. Ensure you enable strong 2FA at each service you have an account at too.

https://bitwarden.com/help/setup-two-step-login/ https://bitwarden.com/resources/guide-how-to-create-and-stor...
itscrush
·السنة الماضية·discuss
> I am using CloudFlare for my DNS.

Based on this it sounds like you exposed your resource and advertised it for others. Reverse dns, get IP, scan IP.

Probably simpler, you exposed resource on IPV4 publicly, if it exists, it'll be scanned. There's probably 100s of companies scanning entire 0.0.0.0/0 space at all times.
itscrush
·قبل سنتين·discuss
API based credentials are just username + password in this context, nothing else seems to be restricting access to data. So if your Snowflake tenant isn't enforcing IP restriction to limit source auth attempts, those creds can be used to pull the data from any source IP.

Even then, you'll still have an HTTP 403 response layer filtering those auth attempts based on IP... where we can assume these failed to implement it.

So far between TechCrunch, Wired, and other reporting it seems most claim creds get owned, sold, then used against under-restrictive Snowflake tenants which are exposed by default.

i.e; https://epa06486.snowflakecomputing.com/console/login#/ here's someone's tenant, if you were able to go buy some creds for it, should walk right in.

[edit] I have a more detailed Snowflake comment with references that might fill in better gaps here; https://news.ycombinator.com/item?id=40554753