HackerTrans
トップ新着トレンドコメント過去質問紹介求人

johncoatesdev

36 カルマ登録 8 年前

投稿

Who's Actually Running That Robot?

bostonglobe.com
2 ポイント·投稿者 johncoatesdev·25 日前·0 コメント

コメント

johncoatesdev
·10 時間前·議論
With a IDA Pro decompiler license & MCP server, paired with Codex/Claude Code... it would be a fun side quest.
johncoatesdev
·7 か月前·議論
You last-minute cancelled coffee with your friends to work on this? I'm not sure how I would feel if a friend did that to me.
johncoatesdev
·8 か月前·議論
Yes, but the advice shouldn't be "Never scan QR codes", it's more like: "be aware of dodgy QR codes by looking at the context in which it's placed".
johncoatesdev
·8 か月前·議論
And how exactly do you plan to forge the SSL certificates to deliver your filtered contents?
johncoatesdev
·8 か月前·議論
It's funny your warning about QR codes goes onto warn about PDF exploits. Yet you clicked the link to this article, by your own definition opening you up to "a whole different world of possible exploitations via whatever file is being returned". It's the nature of the internet to follow links, but our updated browsers keep us safe from exploits.

When was the last time you saw an un-targeted mass 0-day exploit campaign? There haven't been any for modern browsers. If we're talking about 0-days, you likely known there have been zero-click iMessage/WhatsApp vulnerabilities in the past. There's no protecting against those, but you're not here warning users to disable iMessage and WhatsApp. What's more realistic is making sure users keep their software updated, and trust that QR codes and links aren't going to waste a 0-day worth a million dollars on you.
johncoatesdev
·8 か月前·議論
Updating software is good advice. Do you realize how many CVEs are reported on a daily basis? Once you've got a password manager you're largely protected against phishing, so the biggest target becomes your computer, and the most likely way to compromise that would be through outdated software with public vulnerabilities.

What do you expect your browser security levels to the max to do? Browsers are designed to be secure from default settings.
johncoatesdev
·8 か月前·議論
It's completely the opposite of "use one password for everything". When you do that any single compromise of a website you have an account on means all your accounts are likely compromised. With a password manager you have a long random password for every single website, meaning a compromise is siloed to just that site.

Even if your password vault is stored on the cloud you're likely using a very secure passphrase for it that has 0 reuse anywhere else, so even if your password vault is stolen it's impossible to brute force.

For a hacker to comprise your password vault it would likely involve hacking your computer, which if you're keeping your software updated is a very difficult task these days without the target user's active help.