HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Magicstatic

no profile record

投稿

Android Goes All-In on Fuzzing

security.googleblog.com
2 ポイント·投稿者 Magicstatic·3 年前·0 コメント

Apple Mail phishing attack tricks victims to send their credentials to attacker

jonbottarini.com
1 ポイント·投稿者 Magicstatic·5 年前·0 コメント

Security researcher receives $1M bug bounty for saving company from $350M bug

twitter.com
53 ポイント·投稿者 Magicstatic·5 年前·5 コメント

EFF's reply to cease-&-desist letter – “Virtual Coachella” parody video

eff.org
230 ポイント·投稿者 Magicstatic·5 年前·35 コメント

City of Tucson, AZ invites remote workers with over $7,500 in benefits

startuptucson.com
3 ポイント·投稿者 Magicstatic·6 年前·0 コメント

コメント

Magicstatic
·3 年前·議論
I use Lookify.io which lets you look up a carrier without creating an account - you can also see if anyone else flags it as spammy but who knows if the reports are anything other than anecdotal
Magicstatic
·4 年前·議論
This is the craziest part of the whole article - imagine you wanted to own something like "555-FOOD" - to have this vanity number work in every area code, you'd be looking at hundreds of thousands of dollars (annually?) if you used Verizon to route the calls
Magicstatic
·5 年前·議論
Link to company confirming payment: https://twitter.com/josephdelong/status/1431314816698916865

Link to researcher writeup: https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wro...
Magicstatic
·5 年前·議論
This has been refuted and is simply misleading: https://twitter.com/jon_bottarini/status/1428569700859056129
Magicstatic
·5 年前·議論
Anecdote: Out of every bank and financial institution I have ever tried hacking (ethically, as part of bug bounty programs) Goldman Sachs is hands down, without a doubt, the most secure externally. By a long shot. They have what basically amounts to a central authentication service that 95% of their public facing IP’s resolve to. Their sub domains are locked down, they have a reasonably good patch schedule, they swiftly denylist your IP after running light scanners - it’s not a joke. I challenge you to find a vulnerability - when you do - get some money for it: https://hackerone.com/goldmansachs
Magicstatic
·5 年前·議論
Many of us including myself are unable to fathom living a life like this, but I imagine this man will die in peace with a flock of sheep to his name, listening to the cuckoos.

And he will be just as happy (if not happier) as any of us reading this article.
Magicstatic
·5 年前·議論
Sincere question - not meant to be inflammatory: Do you actually believe that most employees in the United States are coerced/forced to sign employment contracts, or are you simply playing devil's advocate?
Magicstatic
·5 年前·議論
My favorite part of this response is in the footnote on page two, which states:

>If your client sincerely fears that this depiction is too realistic to be perceived as parody, Krazam’s video should be the least of its reputational concerns.

Followed by screenshots from the video showing the DocuSign "Docustage" and Meme Center (Sponsored by GE). At the end of the video itself, the Coachella participant is banned from the event because their "vibes are not compliant with the Coachella policy".

Glad EFF stepped in here to protect small creators such as this one.
Magicstatic
·6 年前·議論
Is this a security problem? Depends on who you ask - but I'm willing to bet it would fall into the "accepted risk" category for the Facebook security team if they had to evaluate this.

The reality is that phone number lookup services are available all over the web which provide even more information (first+last name, address, zip code, social media profile links, etc etc etc) for free (https://www.bestfreephonelookup.com/phone-number/ as an example) - these services get their info from data aggregators and usually - your carrier! I don't see how Facebook exposing (in _limited_, very specific circumstances) the first name of a persons phone number being a security issue.

All the people in this thread screaming GDPR violation don't understand that if someone decides to stop using Facebook and delete their account, this method to lookup someone will not work. Sidenote: If you're really paranoid about having your phone number expose your real name when you're using any type of service online, just sign up for a Google Voice (voice.google.com) account and link it to your cell phone - I use this whenever I sign up for anything online and it saves me a ton of spam and scam calls.

EDIT: Facebook removed the ability to use the in-app search box in Facebook to find people based on just a phone number, this has been removed for at least 2 years.