HackerTrans
トップ新着トレンドコメント過去質問紹介求人

jimbojet

no profile record

コメント

jimbojet
·5 年前·議論
Malicious script can (1) fingerprint and detect lab machines and therefore not do bad thing — this is arbitrarily easy if Google test lab is the first to ever execute their script, (2) over time build a graph of IPs, geos, test machine characteristics that essentially allow them to avoid the world’s entire test lab infrastructure (there’s only a fixed number of test lab providers in the world since it’s so expensive to set up this infrastructure), (3) yes, bypassing testing like this is a violation of ToS, but that is fairly meaningless as entities and IPs are cheap to incorporate, (4) not sure what you’re saying about permission policies across its domains? Google does have such policies unless I’m missing something.
jimbojet
·5 年前·議論
The API exists because zoom.com request microphone and camera through an iframe is a legit use case. As OP said below CSPs exist so that enterprises can lock down those vulnerabilities. But wouldn’t make sense to lock it down for all consumers.
jimbojet
·5 年前·議論
Yawn. How did this make it to the top? I thought programmers were supposed to be good at math.
jimbojet
·5 年前·議論
You sound like you just took a stats 101 class and now are bragging to a bunch of adults about how much you learned in stats 101. Sincerely, someone working in the field for last 7 years.
jimbojet
·5 年前·議論
Me replying to my boss in chat when I first started working: “Yes I agree, thank you for the feedback”.

Me replying to my boss literally today: “lmao true”
jimbojet
·5 年前·議論
What’s the p-value on this bad boy? Also I wonder if they controlled for confounding factors. Ones I can think of are: “Thanks” more likely on emails containing requests, which inherently requires response if from colleague; personality could dictate which valediction you choose, which could also be reflected on how you wrote your email; whether “Best” and “Thanks” are used can be very cultural - eg everyone at Microsoft uses “Thanks” ONLY, and it would be very weird to see a “Best” and extremely rare to see a “Cheers”, those same communities may happen to have a larger response rate since some companies have better email culture, thus given their non-random sampling since they just used the responses from a small handful of online communities, that could bias results.
jimbojet
·5 年前·議論
User count is fairly meaningless. How much was that in daily active / weekly active users? How many of those were bot / spammer accounts being “seasoned” to then sell to abusers?
jimbojet
·5 年前·議論
As someone who worked on reputation at Microsoft, it sounds like a bad case of the right hand not talking to the left. Outlook SmartScreen judgment should be available to tier 3 support along with the IP block list check as a primary investigation step. The author should not have needed to go through tier 3 on two tickets before escalating to someone who had visibility into SmartScreen judgments. Hopefully this blog gets some publicity and Microsoft support amends their investigation process, as I’m sure the author is not the only person running into this issue.

All opinions are my own and not that of Microsoft.
jimbojet
·5 年前·議論
Better than trusting the perimeter. A single breach in a “trustful” intranet still results in full network compromise. Best to assume breach and work from there. Hating on zero trust is non-sensical to me, feels like the same as hating on security.
jimbojet
·5 年前·議論
If I were to guess, conversion rate on phishing sites
jimbojet
·5 年前·議論
Probably conversion rate on phishing sites