HackerTrans
TopNewTrendsCommentsPastAskShowJobs

AtomicByte

no profile record

Submissions

[untitled]

1 points·by AtomicByte·há 4 meses·0 comments

[untitled]

1 points·by AtomicByte·há 5 meses·0 comments

[untitled]

1 points·by AtomicByte·há 8 meses·0 comments

[untitled]

1 points·by AtomicByte·há 10 meses·0 comments

[untitled]

1 points·by AtomicByte·há 11 meses·0 comments

[untitled]

1 points·by AtomicByte·há 11 meses·0 comments

[untitled]

1 points·by AtomicByte·há 12 meses·0 comments

Show HN: I made a vencord plugin to search for messages across discord

blog.jaisal.dev
2 points·by AtomicByte·ano passado·0 comments

Clipjacking: Hacked by copying text – Clickjacking but better

blog.jaisal.dev
8 points·by AtomicByte·ano passado·0 comments

comments

AtomicByte
·há 10 meses·discuss
[flagged]
AtomicByte
·ano passado·discuss
Yes that does happen to be what is commonly done
AtomicByte
·ano passado·discuss
Vibe coders gonna be vibing to this one
AtomicByte
·ano passado·discuss
Kinda sad
AtomicByte
·ano passado·discuss
This is super creative and cool. Brutecat back at it again heh
AtomicByte
·ano passado·discuss
That's honestly disgusting. It shocks me how can people be so ignorant.
AtomicByte
·ano passado·discuss
Functional programming confuses me. This is absolutely based tho
AtomicByte
·ano passado·discuss
Okay I had no idea they had history like that
AtomicByte
·ano passado·discuss
Creative coding is chillin as awesome as ever
AtomicByte
·ano passado·discuss
This was actually super informative
AtomicByte
·ano passado·discuss
Maybe they'll do it on uranus one day too
AtomicByte
·ano passado·discuss
I really don't want to waste my time explaining this to someone with clearly a subpar understanding of cybersecurity so I'll get an "AI" to:

The blog post "MCP: May Cause Pwnage" highlights critical security vulnerabilities in the Model Context Protocol (MCP) and its associated tools, such as the Inspector. These issues include default configurations that expose services to external networks by binding to 0.0.0.0, the use of GET requests for executing commands—making them susceptible to CSRF attacks—and the potential for DNS rebinding exploits due to the use of Server-Sent Events (SSE). While some may argue these are merely implementation flaws, the fact that these insecure practices are present in official SDKs and tools suggests systemic oversights in the protocol's design and default settings. Given MCP's growing adoption among major AI providers, addressing these vulnerabilities at the protocol level is crucial to ensure secure deployment and operation.

Security experts have echoed these concerns. For instance, in a podcast discussion, professionals highlighted the simplicity and severity of these exploits, emphasizing that such vulnerabilities are inherent in the protocol and its tools, not just in individual implementations. Critical Thinking - Bug Bounty Podcast

Do your research first, kids
AtomicByte
·ano passado·discuss
agree with dis ^
AtomicByte
·ano passado·discuss
we really are putting AI in everything atp now, aren't we?
AtomicByte
·ano passado·discuss
no idea there was so much going on behind the scenes of defendnot (I feel like someone sent it to me earlier; thought it was super cool)