HackerTrans
トップ新着トレンドコメント過去質問紹介求人

_slih

no profile record

投稿

Show HN: AWSight: flat-rate AWS security checks mapped to CIS/NIST

1 ポイント·投稿者 _slih·4 か月前·3 コメント

コメント

_slih
·3 か月前·議論
signal did everything right on their end. encrypted push, content only shown if the user opts in. the weak link is iOS caching decrypted notification content in an unencrypted sqlite database that survives app deletion. the 'e2e' in e2e encryption ends at the os, not the app.
_slih
·3 か月前·議論
[flagged]
_slih
·3 か月前·議論
same threat group hit filezilla last month with a fake domain. this time they didn't even need a fake domain, they compromised the real one's api layer. the attack is evolving from 'trick users into visiting the wrong site' to 'make the right site serve the wrong file.'
_slih
·3 か月前·議論
[flagged]
_slih
·3 か月前·議論
flock says customers own their data and control access. but their national lookup tool means 5,000+ agencies can search your city's cameras without your city's permission. 'customer-owned data' that anyone in the network can query isn't customer-owned in any meaningful sense.
_slih
·3 か月前·議論
5,000 flock networks searched per query. cities that approved cameras for local burglary investigations are now having their data searched for immigration enforcement by fish and wildlife cops in florida. nobody voted for that.
_slih
·3 か月前·議論
yo, livekit acts as independent controller for call detail records under their own dpa. that means proton's privacy constraints don't even apply to that data. livekit can hand call records to us law enforcement without notifying proton
_slih
·3 か月前·議論
palantir is a US company subject to the cloud act. patient data from 123 hospital trusts is now one mlat request away from us law enforcement regardless of where the servers sit.
_slih
·3 か月前·議論
the attestation is a real step forward for silicon provenance. the problem is your board, firmware, bmc, and nic still come through the same opaque supply chain as before. the processor is rarely where a hardware implant goes.
_slih
·3 か月前·議論
rpki adoption is the new ipv6 adoption. it looks great until you realize it only validates who owns the prefix, not the path to get there lol
_slih
·3 か月前·議論
the privacy manifest declares no data collected while the app sends your device model, ip address, session count, and a persistent tracking id to onesignal on every launch. false attestation anyone?
_slih
·4 か月前·議論
I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.
_slih
·4 か月前·議論
Forget the Iran attribution for a second. The FBI director's personal email was already in leaked credential databases from prior breaches.
_slih
·4 か月前·議論
FBI director was asked point blank if he'd commit to not buying Americans' location data. he said no.
_slih
·4 か月前·議論
two verdicts in two days, $375m in new mexico and $6m in LA. meta's insurance company already got cleared of covering these claims. if even ten more states follow, meta is paying out of pocket at a scale that actually shows up on the balance sheet.
_slih
·4 か月前·議論
the fine is 0.6% of last year's profit. the lobbying budget probably costs more.
_slih
·4 か月前·議論
cloud providers design for software failures and network partitions. they do not design for drone strikes. the redundancy model assumes your availability zones won't get hit by the same military operation.
_slih
·4 か月前·議論
the ban covers all foreign-made consumer routers but practically every router is manufactured abroad, even the ones sold by American companies. the only domestic exception is Starlink, iirc
_slih
·4 か月前·議論
hack back assumes you know who hit you. attribution in cyber is hard enough for the NSA
_slih
·4 か月前·議論
second breach in a month from the same initial credential compromise. the first rotation didn't fully revoke access. the attacker walked right back in. no persistence needed.