HackerLangs
TopNewTrendsCommentsPastAskShowJobs

_slih

no profile record

Submissions

Show HN: AWSight: flat-rate AWS security checks mapped to CIS/NIST

1 points·by _slih·4 เดือนที่ผ่านมา·3 comments

comments

_slih
·3 เดือนที่ผ่านมา·discuss
signal did everything right on their end. encrypted push, content only shown if the user opts in. the weak link is iOS caching decrypted notification content in an unencrypted sqlite database that survives app deletion. the 'e2e' in e2e encryption ends at the os, not the app.
_slih
·3 เดือนที่ผ่านมา·discuss
[flagged]
_slih
·3 เดือนที่ผ่านมา·discuss
same threat group hit filezilla last month with a fake domain. this time they didn't even need a fake domain, they compromised the real one's api layer. the attack is evolving from 'trick users into visiting the wrong site' to 'make the right site serve the wrong file.'
_slih
·3 เดือนที่ผ่านมา·discuss
[flagged]
_slih
·3 เดือนที่ผ่านมา·discuss
flock says customers own their data and control access. but their national lookup tool means 5,000+ agencies can search your city's cameras without your city's permission. 'customer-owned data' that anyone in the network can query isn't customer-owned in any meaningful sense.
_slih
·3 เดือนที่ผ่านมา·discuss
5,000 flock networks searched per query. cities that approved cameras for local burglary investigations are now having their data searched for immigration enforcement by fish and wildlife cops in florida. nobody voted for that.
_slih
·3 เดือนที่ผ่านมา·discuss
yo, livekit acts as independent controller for call detail records under their own dpa. that means proton's privacy constraints don't even apply to that data. livekit can hand call records to us law enforcement without notifying proton
_slih
·3 เดือนที่ผ่านมา·discuss
palantir is a US company subject to the cloud act. patient data from 123 hospital trusts is now one mlat request away from us law enforcement regardless of where the servers sit.
_slih
·3 เดือนที่ผ่านมา·discuss
the attestation is a real step forward for silicon provenance. the problem is your board, firmware, bmc, and nic still come through the same opaque supply chain as before. the processor is rarely where a hardware implant goes.
_slih
·3 เดือนที่ผ่านมา·discuss
rpki adoption is the new ipv6 adoption. it looks great until you realize it only validates who owns the prefix, not the path to get there lol
_slih
·3 เดือนที่ผ่านมา·discuss
the privacy manifest declares no data collected while the app sends your device model, ip address, session count, and a persistent tracking id to onesignal on every launch. false attestation anyone?
_slih
·4 เดือนที่ผ่านมา·discuss
I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.
_slih
·4 เดือนที่ผ่านมา·discuss
Forget the Iran attribution for a second. The FBI director's personal email was already in leaked credential databases from prior breaches.
_slih
·4 เดือนที่ผ่านมา·discuss
FBI director was asked point blank if he'd commit to not buying Americans' location data. he said no.
_slih
·4 เดือนที่ผ่านมา·discuss
two verdicts in two days, $375m in new mexico and $6m in LA. meta's insurance company already got cleared of covering these claims. if even ten more states follow, meta is paying out of pocket at a scale that actually shows up on the balance sheet.
_slih
·4 เดือนที่ผ่านมา·discuss
the fine is 0.6% of last year's profit. the lobbying budget probably costs more.
_slih
·4 เดือนที่ผ่านมา·discuss
cloud providers design for software failures and network partitions. they do not design for drone strikes. the redundancy model assumes your availability zones won't get hit by the same military operation.
_slih
·4 เดือนที่ผ่านมา·discuss
the ban covers all foreign-made consumer routers but practically every router is manufactured abroad, even the ones sold by American companies. the only domestic exception is Starlink, iirc
_slih
·4 เดือนที่ผ่านมา·discuss
hack back assumes you know who hit you. attribution in cyber is hard enough for the NSA
_slih
·4 เดือนที่ผ่านมา·discuss
second breach in a month from the same initial credential compromise. the first rotation didn't fully revoke access. the attacker walked right back in. no persistence needed.