HackerTrans
TopNewTrendsCommentsPastAskShowJobs

unknownhad

no profile record

Submissions

Inclusive Syntax: outdated tech terms and clearer alternatives

inclusivesyntax.com
3 points·by unknownhad·há 2 meses·2 comments

Score by Collisions, Patch by Panic

blog.himanshuanand.com
5 points·by unknownhad·há 2 meses·0 comments

I read OpenSSL for fun and found a nonce leak

blog.himanshuanand.com
3 points·by unknownhad·há 2 meses·0 comments

Kernel Kill Switch

lore.kernel.org
3 points·by unknownhad·há 2 meses·1 comments

The 90 Day disclosure policy is dead

blog.himanshuanand.com
17 points·by unknownhad·há 2 meses·5 comments

Show HN: MAIro AI Slop in Games

mairo.himanshuanand.workers.dev
1 points·by unknownhad·há 4 meses·0 comments

Always-on detections: eliminating the WAF "log versus block" trade-off

blog.cloudflare.com
1 points·by unknownhad·há 4 meses·0 comments

Toxic combinations: when small signals add up to a security incident

blog.cloudflare.com
15 points·by unknownhad·há 4 meses·5 comments

Ask HN: Are you missing daily email alerts from HN?

10 points·by unknownhad·há 6 meses·8 comments

React2Shell and related RSC vulnerabilities threat brief

blog.cloudflare.com
21 points·by unknownhad·há 7 meses·1 comments

I Found a Europa.eu Compromise

blog.himanshuanand.com
3 points·by unknownhad·há 7 meses·1 comments

Look mom HR application, look mom no job – phishing using Zoom docs

blog.himanshuanand.com
1 points·by unknownhad·há 9 meses·1 comments

Show HN: Typosquat Detective: Browser game to practice lookalike domains

typo.himanshuanand.com
1 points·by unknownhad·há 10 meses·0 comments

comments

unknownhad
·há 2 meses·discuss
It's a Smol side project additions/updates welcome.
unknownhad
·há 2 meses·discuss
[flagged]
unknownhad
·há 2 meses·discuss
This looks like an interesting proposal. My previous post : https://blog.himanshuanand.com/2026/05/the-90-day-disclosure... Highlight the issues some of these can be fixed by these, IIRC BSD already had similar feature.
unknownhad
·há 2 meses·discuss
I think this assumes software is a static target (Which it is not) . We are not just using LLMs to scan old code developers are using LLMs (like Copilot and others) to write new code and they are doing it by the shovel-load. The pace of shipping has gone up which means the pace of introducing new bugs has gone up right alongside it. The bug pool does not empty out because we keep refilling it every sprint.

Plus, the definition of the "easily found stuff" is a moving target. The AI models aren't static either. What takes a human reverse-engineer a week of deep insight today might just be a standard automated API call by 2027.

So while I would love for the dust to settle in a year, I think we are just looking at the new normal.

Thanks for reading the post and for the great counter-point!
unknownhad
·há 2 meses·discuss
The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines to near-zero. I have seen it first hand, and so has everyone else paying attention. This post lays out why the old model is broken, with real stories, and makes one ask to the industry: treat every critical security issue as P0 and patch it immediately.
unknownhad
·há 6 meses·discuss
I have received an Email today. I was using https://www.hndigest.com/ Kudos to the person behin.
unknownhad
·há 6 meses·discuss
All the Emails were from `hello @ hndigest.com` W00ps, My understanding was this is from HN.
unknownhad
·há 7 meses·discuss
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites. I traced similar behavior across other high-profile domains, reported the issue to CERT-EU via email (after some Twitter help) and the problem was later confirmed as fixed on 6th November 2025. This post walks through how I found it, how I reported it and what we can learn from it.
unknownhad
·há 9 meses·discuss
A phishing campaign that uses Zoom's document share flow as the initial trust vector.

It forces victims through a fake "bot protection" gate, then shows a Gmail-like login. When someone types credentials, they are pushed out to the attacker over a WebSocket and the backend validates them.