HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Magicstatic

no profile record

Submissions

Android Goes All-In on Fuzzing

security.googleblog.com
2 points·by Magicstatic·3년 전·0 comments

Apple Mail phishing attack tricks victims to send their credentials to attacker

jonbottarini.com
1 points·by Magicstatic·5년 전·0 comments

Security researcher receives $1M bug bounty for saving company from $350M bug

twitter.com
53 points·by Magicstatic·5년 전·5 comments

EFF's reply to cease-&-desist letter – “Virtual Coachella” parody video

eff.org
230 points·by Magicstatic·5년 전·35 comments

City of Tucson, AZ invites remote workers with over $7,500 in benefits

startuptucson.com
3 points·by Magicstatic·6년 전·0 comments

comments

Magicstatic
·3년 전·discuss
I use Lookify.io which lets you look up a carrier without creating an account - you can also see if anyone else flags it as spammy but who knows if the reports are anything other than anecdotal
Magicstatic
·4년 전·discuss
This is the craziest part of the whole article - imagine you wanted to own something like "555-FOOD" - to have this vanity number work in every area code, you'd be looking at hundreds of thousands of dollars (annually?) if you used Verizon to route the calls
Magicstatic
·5년 전·discuss
Link to company confirming payment: https://twitter.com/josephdelong/status/1431314816698916865

Link to researcher writeup: https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wro...
Magicstatic
·5년 전·discuss
This has been refuted and is simply misleading: https://twitter.com/jon_bottarini/status/1428569700859056129
Magicstatic
·5년 전·discuss
Anecdote: Out of every bank and financial institution I have ever tried hacking (ethically, as part of bug bounty programs) Goldman Sachs is hands down, without a doubt, the most secure externally. By a long shot. They have what basically amounts to a central authentication service that 95% of their public facing IP’s resolve to. Their sub domains are locked down, they have a reasonably good patch schedule, they swiftly denylist your IP after running light scanners - it’s not a joke. I challenge you to find a vulnerability - when you do - get some money for it: https://hackerone.com/goldmansachs
Magicstatic
·5년 전·discuss
Many of us including myself are unable to fathom living a life like this, but I imagine this man will die in peace with a flock of sheep to his name, listening to the cuckoos.

And he will be just as happy (if not happier) as any of us reading this article.
Magicstatic
·5년 전·discuss
Sincere question - not meant to be inflammatory: Do you actually believe that most employees in the United States are coerced/forced to sign employment contracts, or are you simply playing devil's advocate?
Magicstatic
·5년 전·discuss
My favorite part of this response is in the footnote on page two, which states:

>If your client sincerely fears that this depiction is too realistic to be perceived as parody, Krazam’s video should be the least of its reputational concerns.

Followed by screenshots from the video showing the DocuSign "Docustage" and Meme Center (Sponsored by GE). At the end of the video itself, the Coachella participant is banned from the event because their "vibes are not compliant with the Coachella policy".

Glad EFF stepped in here to protect small creators such as this one.
Magicstatic
·6년 전·discuss
Is this a security problem? Depends on who you ask - but I'm willing to bet it would fall into the "accepted risk" category for the Facebook security team if they had to evaluate this.

The reality is that phone number lookup services are available all over the web which provide even more information (first+last name, address, zip code, social media profile links, etc etc etc) for free (https://www.bestfreephonelookup.com/phone-number/ as an example) - these services get their info from data aggregators and usually - your carrier! I don't see how Facebook exposing (in _limited_, very specific circumstances) the first name of a persons phone number being a security issue.

All the people in this thread screaming GDPR violation don't understand that if someone decides to stop using Facebook and delete their account, this method to lookup someone will not work. Sidenote: If you're really paranoid about having your phone number expose your real name when you're using any type of service online, just sign up for a Google Voice (voice.google.com) account and link it to your cell phone - I use this whenever I sign up for anything online and it saves me a ton of spam and scam calls.

EDIT: Facebook removed the ability to use the in-app search box in Facebook to find people based on just a phone number, this has been removed for at least 2 years.