HackerTrans
TopNewTrendsCommentsPastAskShowJobs

aryan14

no profile record

Submissions

Bitcoin Surpasses $123,000 USD

reuters.com
6 points·by aryan14·в прошлом году·0 comments

Trump Is Losing Patience with Musk's Outbursts over Megabill

wsj.com
13 points·by aryan14·в прошлом году·1 comments

[untitled]

1 points·by aryan14·в прошлом году·0 comments

uBlock Origin Has Been Disabled

ublockorigin.com
31 points·by aryan14·в прошлом году·40 comments

Federal appeals court upholds law requiring sale or ban of TikTok in the US

thv11.com
4 points·by aryan14·2 года назад·0 comments

Bitcoin reaches all time high, and its correlation with the US election

morningstar.com
3 points·by aryan14·2 года назад·0 comments

[untitled]

1 points·by aryan14·2 года назад·0 comments

Ask HN: Where's your go-to spot to hire web developers?

2 points·by aryan14·2 года назад·2 comments

comments

aryan14
·в прошлом месяце·discuss
You can view the recent activity on your Microsoft account @ account(dot)live(dot)com/Activity

Would show any logins or security info updates etc
aryan14
·в прошлом месяце·discuss
It’s just incorrect

It’s true that existing sessions are revoked; because the password was reset

The reason the target wouldn’t get any notifications at all would be in the case they never setup any additional verification methods to receive these notifications to, since this only worked on accounts w/o 2FA

You can test this on your own account, if you have 2FA enabled and reset your password, you’ll receive notifications to whatever option you have enabled

Also, if you reset the password, it doesn’t remove all 2FA methods on the account (you can test this)

So assuming a threat actor reset the password, they would attempt to login with the correct password but would still need the 2FA code or approval
aryan14
·в прошлом месяце·discuss
> “In case you're wondering, because the system treats this high-privilege recovery flow as a total account reset by the "true" owner, the original 2FA gets thoroughly bypassed in the process.“

This is false.

Important to note this did not work if your account had 2FA of any kind

e.g if you had a time based authenticator enabled, after the AI gave you the code to reset the password, it had no notable privileges beyond that

Tldr; if you had 2FA this wouldn’t work on you
aryan14
·в прошлом месяце·discuss
This is actually what microsoft does for microsoft accounts

If you recover a microsoft account / submit a ticket to recover it and provide correct information, the active email gets an email letting them know about the request

You can deny it, or if you ignore it for 30 days the request goes through

Seems to be the best system IMO
aryan14
·2 месяца назад·discuss
You can host your keepass db file anywhere you like, whether that’s google drive or on a hard drive.
aryan14
·2 месяца назад·discuss
How is this not bigger news?
aryan14
·6 месяцев назад·discuss
And he has been and continues to make fun of the investigators, publicly mocking investigators and sending small amounts from the fraudulent wallets to investigators.

Crazy world
aryan14
·10 месяцев назад·discuss
Was thinking about this the entire time, not sure why they’re saying it has to be govt sponsored threat actors for a bunch of SIM cards

Didn’t understand how it’d be used for espionage either, doesn’t even make sense
aryan14
·10 месяцев назад·discuss
You could run wireguard thru CLI directly instead of jumping through the mullvad app itself
aryan14
·в прошлом году·discuss
Doesn’t look good on mobile, difficult to use
aryan14
·в прошлом году·discuss
Cross checked known malicious mail list with applicants, found a match and made a blog about it lol
aryan14
·в прошлом году·discuss
[flagged]
aryan14
·в прошлом году·discuss
Are the typos on purpose for opsec reasons?
aryan14
·в прошлом году·discuss
This has probably been happening since the beginning of modern media.

The only reason this is an article is because of “AI” and Russia VS The US
aryan14
·в прошлом году·discuss
This isn’t fair to say.

Any platform that’s popular will have its share of undesirable users, out of the company’s control.

Discord has very good moderation in contrast to other platforms (Constant banwaves on illegal/shady servers, terminating accounts frequently, etc)
aryan14
·в прошлом году·discuss
How well it’ll do in court is debatable, could go for either side, but regardless of the outcome it’s always good to see resistance and pushback
aryan14
·в прошлом году·discuss
As they should. You can’t throw an ultimatum for something that benefits nobody but the govt. and kick everyone around.

Would like to see other companies who were affected by similar situations also take this to court
aryan14
·в прошлом году·discuss
Absolutely mental the kind of people that have power. Dealing with this like immature children.

“We don’t get what we want? We ruin it for everyone.”

Trying to backdoor a privacy feature for no real reason, just for the sake of having a backdoor. Pathetic
aryan14
·2 года назад·discuss
A very easy anonymous way is to simply use a self custody wallet like Exodus.

You can buy ETH, then you can use a TOR crypto exchange to swap it from ETH -> BTC into your wallet.

Just an idea though
aryan14
·2 года назад·discuss
How did it fail at being P2P e-cash?

You can use bitcoin completely/as anonymously as cash if you wanted to, the same way you’d have to put in a bit of effort to have a completely anonymous cash transaction.

Monero (XMR) which is a fork of bitcoin, is much closer to actual cash