HackerTrans
TopNewTrendsCommentsPastAskShowJobs

unknownhad

no profile record

Submissions

Inclusive Syntax: outdated tech terms and clearer alternatives

inclusivesyntax.com
3 points·by unknownhad·2 mesi fa·2 comments

Score by Collisions, Patch by Panic

blog.himanshuanand.com
5 points·by unknownhad·2 mesi fa·0 comments

I read OpenSSL for fun and found a nonce leak

blog.himanshuanand.com
3 points·by unknownhad·2 mesi fa·0 comments

Kernel Kill Switch

lore.kernel.org
3 points·by unknownhad·2 mesi fa·1 comments

The 90 Day disclosure policy is dead

blog.himanshuanand.com
17 points·by unknownhad·2 mesi fa·5 comments

Show HN: MAIro AI Slop in Games

mairo.himanshuanand.workers.dev
1 points·by unknownhad·4 mesi fa·0 comments

Always-on detections: eliminating the WAF "log versus block" trade-off

blog.cloudflare.com
1 points·by unknownhad·4 mesi fa·0 comments

Toxic combinations: when small signals add up to a security incident

blog.cloudflare.com
15 points·by unknownhad·4 mesi fa·5 comments

Ask HN: Are you missing daily email alerts from HN?

10 points·by unknownhad·6 mesi fa·8 comments

React2Shell and related RSC vulnerabilities threat brief

blog.cloudflare.com
21 points·by unknownhad·7 mesi fa·1 comments

I Found a Europa.eu Compromise

blog.himanshuanand.com
3 points·by unknownhad·7 mesi fa·1 comments

Look mom HR application, look mom no job – phishing using Zoom docs

blog.himanshuanand.com
1 points·by unknownhad·9 mesi fa·1 comments

Show HN: Typosquat Detective: Browser game to practice lookalike domains

typo.himanshuanand.com
1 points·by unknownhad·10 mesi fa·0 comments

comments

unknownhad
·2 mesi fa·discuss
It's a Smol side project additions/updates welcome.
unknownhad
·2 mesi fa·discuss
[flagged]
unknownhad
·2 mesi fa·discuss
This looks like an interesting proposal. My previous post : https://blog.himanshuanand.com/2026/05/the-90-day-disclosure... Highlight the issues some of these can be fixed by these, IIRC BSD already had similar feature.
unknownhad
·2 mesi fa·discuss
I think this assumes software is a static target (Which it is not) . We are not just using LLMs to scan old code developers are using LLMs (like Copilot and others) to write new code and they are doing it by the shovel-load. The pace of shipping has gone up which means the pace of introducing new bugs has gone up right alongside it. The bug pool does not empty out because we keep refilling it every sprint.

Plus, the definition of the "easily found stuff" is a moving target. The AI models aren't static either. What takes a human reverse-engineer a week of deep insight today might just be a standard automated API call by 2027.

So while I would love for the dust to settle in a year, I think we are just looking at the new normal.

Thanks for reading the post and for the great counter-point!
unknownhad
·2 mesi fa·discuss
The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines to near-zero. I have seen it first hand, and so has everyone else paying attention. This post lays out why the old model is broken, with real stories, and makes one ask to the industry: treat every critical security issue as P0 and patch it immediately.
unknownhad
·6 mesi fa·discuss
I have received an Email today. I was using https://www.hndigest.com/ Kudos to the person behin.
unknownhad
·6 mesi fa·discuss
All the Emails were from `hello @ hndigest.com` W00ps, My understanding was this is from HN.
unknownhad
·7 mesi fa·discuss
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites. I traced similar behavior across other high-profile domains, reported the issue to CERT-EU via email (after some Twitter help) and the problem was later confirmed as fixed on 6th November 2025. This post walks through how I found it, how I reported it and what we can learn from it.
unknownhad
·9 mesi fa·discuss
A phishing campaign that uses Zoom's document share flow as the initial trust vector.

It forces victims through a fake "bot protection" gate, then shows a Gmail-like login. When someone types credentials, they are pushed out to the attacker over a WebSocket and the backend validates them.