HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ShadowRegent

no profile record

Submissions

Upcoming end of support for Nest Learning Thermostats (first and 2nd gen)

support.google.com
7 points·by ShadowRegent·в прошлом году·3 comments

The Windows Registry Adventure

googleprojectzero.blogspot.com
1 points·by ShadowRegent·2 года назад·1 comments

comments

ShadowRegent
·10 месяцев назад·discuss
When Apple says your data doesn't leave their servers, that doesn't mean those servers have to be in their own datacenters or that Apple doesn't have other vendors that help them deliver their service. It also doesn't mean those companies have access to your unencrypted data. That data also, by necessity, likely traverses other networks in encrypted form on its way between you and Apple.
ShadowRegent
·в прошлом году·discuss
They're old, but it's really disappointing to see them end even basic temperature control (except physically on the device).
ShadowRegent
·2 года назад·discuss
I'm not so sure. One of the potential benefits of removing ports from the iPhone is improved water resistance (personally, I'd still rather have the port). I don't foresee going swimming with my AirPods case.
ShadowRegent
·2 года назад·discuss
Part 2: https://googleprojectzero.blogspot.com/2024/04/the-windows-r...
ShadowRegent
·3 года назад·discuss
It’s only been a couple of business days, and it’s likely that they themselves will need root cause from equipment vendors (and perhaps information from the utility) to fully explain what happened. Perhaps they won’t publish anything, but at least give them an opportunity before trying to do it for them.
ShadowRegent
·3 года назад·discuss
Maybe, but I think that their "Informed Speculation" section was probably unnecessary. They may or may not be correct, but give Flexential an opportunity to share what actually happened rather than openly guessing on what might have happened. Instead, state the facts you know and move onto your response and lessons learned.
ShadowRegent
·3 года назад·discuss
Interesting choice to spend the bulk of the article publicly shifting blame to a vendor by name and speculating on their root cause. Also an interesting choice to publicly call out that you're a whale in the facility and include an electrical diagram clearly marked Confidential by your vendor in the postmortem.

Honestly, this is rather unprofessional. I understand and support explaining what triggered the event and giving a bit of context, but the focus on your postmortem needs to be on your incident, not your vendor's.

Clearly, a lot went wrong and Flexential needs to do their own postmortem, but Cloudflare doesn't need to make guesses and do it for them, much less publicly.
ShadowRegent
·3 года назад·discuss
Close, but not quite. The keys were for consumer Microsoft accounts, but accepted for organization accounts as well.
ShadowRegent
·3 года назад·discuss
> Am I right to assume that because the attacker had the signing key all of the extra authentication mechanisms that would have been enabled on accounts were bypassed by the attacker...?

That's my understanding.