HackerTrans
TopNewTrendsCommentsPastAskShowJobs

AtomicByte

no profile record

Submissions

[untitled]

1 points·by AtomicByte·vor 4 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 5 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 8 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 10 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 11 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 11 Monaten·0 comments

[untitled]

1 points·by AtomicByte·vor 12 Monaten·0 comments

Show HN: I made a vencord plugin to search for messages across discord

blog.jaisal.dev
2 points·by AtomicByte·letztes Jahr·0 comments

Clipjacking: Hacked by copying text – Clickjacking but better

blog.jaisal.dev
8 points·by AtomicByte·letztes Jahr·0 comments

comments

AtomicByte
·vor 10 Monaten·discuss
[flagged]
AtomicByte
·letztes Jahr·discuss
Yes that does happen to be what is commonly done
AtomicByte
·letztes Jahr·discuss
Vibe coders gonna be vibing to this one
AtomicByte
·letztes Jahr·discuss
Kinda sad
AtomicByte
·letztes Jahr·discuss
This is super creative and cool. Brutecat back at it again heh
AtomicByte
·letztes Jahr·discuss
That's honestly disgusting. It shocks me how can people be so ignorant.
AtomicByte
·letztes Jahr·discuss
Functional programming confuses me. This is absolutely based tho
AtomicByte
·letztes Jahr·discuss
Okay I had no idea they had history like that
AtomicByte
·letztes Jahr·discuss
Creative coding is chillin as awesome as ever
AtomicByte
·letztes Jahr·discuss
This was actually super informative
AtomicByte
·letztes Jahr·discuss
Maybe they'll do it on uranus one day too
AtomicByte
·letztes Jahr·discuss
I really don't want to waste my time explaining this to someone with clearly a subpar understanding of cybersecurity so I'll get an "AI" to:

The blog post "MCP: May Cause Pwnage" highlights critical security vulnerabilities in the Model Context Protocol (MCP) and its associated tools, such as the Inspector. These issues include default configurations that expose services to external networks by binding to 0.0.0.0, the use of GET requests for executing commands—making them susceptible to CSRF attacks—and the potential for DNS rebinding exploits due to the use of Server-Sent Events (SSE). While some may argue these are merely implementation flaws, the fact that these insecure practices are present in official SDKs and tools suggests systemic oversights in the protocol's design and default settings. Given MCP's growing adoption among major AI providers, addressing these vulnerabilities at the protocol level is crucial to ensure secure deployment and operation.

Security experts have echoed these concerns. For instance, in a podcast discussion, professionals highlighted the simplicity and severity of these exploits, emphasizing that such vulnerabilities are inherent in the protocol and its tools, not just in individual implementations. Critical Thinking - Bug Bounty Podcast

Do your research first, kids
AtomicByte
·letztes Jahr·discuss
agree with dis ^
AtomicByte
·letztes Jahr·discuss
we really are putting AI in everything atp now, aren't we?
AtomicByte
·letztes Jahr·discuss
no idea there was so much going on behind the scenes of defendnot (I feel like someone sent it to me earlier; thought it was super cool)