HackerTrans
TopNewTrendsCommentsPastAskShowJobs

llui85

no profile record

Submissions

Hacking Google with A.I. For $500k

brutecat.com
16 points·by llui85·vorige maand·0 comments

Unauthenticated Object Write Vulnerability in MinIO

github.com
2 points·by llui85·3 maanden geleden·1 comments

Hacking Google Support: Leaking call logs and deanonymising agents

michaeldalton.au
15 points·by llui85·3 maanden geleden·2 comments

Hacking Google Support: Leaking millions of customer records ($14k bounty)

michaeldalton.au
2 points·by llui85·3 maanden geleden·0 comments

Australia: Kids under 16 to be banned from social media after Senate passes laws

abc.net.au
282 points·by llui85·2 jaar geleden·465 comments

comments

llui85
·3 maanden geleden·discuss
MinIO (a widely-used "high-performance, S3 compatible object store" published this advisory, which allows for unauthenticated overwrites of any file.

Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.
llui85
·3 maanden geleden·discuss
This is the write up from my first Google vulnerability which exposed a whole bunch of call logs. It was a fun thing to discover and a nice reminder that even Google isn't infallible to these sorts of breaches.
llui85
·vorig jaar·discuss
I've always used the <plaintext> tag - an unclosable element that converts the rest of the document into raw HTML. It's very obvious.

https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/...
llui85
·vorig jaar·discuss
(2022)
llui85
·2 jaar geleden·discuss
Some notes:

* It is illegal for a platform to provide children with a social media account, not for the child to create an account. Circumvention of this by the child is not illegal.

* No grandfathering - all accounts under 16 once this takes effect (which won't be until this time next year at earliest) must be deactivated.

* Maximum fine (per instance?) is 50 million AUD (about 32 million USD)

* The legislation is vague on the technical details, although it does specifically mandate that platforms cannot use government-issued ID of any kind (including digital ID).