HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jimbojet

no profile record

comments

jimbojet
·5 ปีที่แล้ว·discuss
Malicious script can (1) fingerprint and detect lab machines and therefore not do bad thing — this is arbitrarily easy if Google test lab is the first to ever execute their script, (2) over time build a graph of IPs, geos, test machine characteristics that essentially allow them to avoid the world’s entire test lab infrastructure (there’s only a fixed number of test lab providers in the world since it’s so expensive to set up this infrastructure), (3) yes, bypassing testing like this is a violation of ToS, but that is fairly meaningless as entities and IPs are cheap to incorporate, (4) not sure what you’re saying about permission policies across its domains? Google does have such policies unless I’m missing something.
jimbojet
·5 ปีที่แล้ว·discuss
The API exists because zoom.com request microphone and camera through an iframe is a legit use case. As OP said below CSPs exist so that enterprises can lock down those vulnerabilities. But wouldn’t make sense to lock it down for all consumers.
jimbojet
·5 ปีที่แล้ว·discuss
Yawn. How did this make it to the top? I thought programmers were supposed to be good at math.
jimbojet
·5 ปีที่แล้ว·discuss
You sound like you just took a stats 101 class and now are bragging to a bunch of adults about how much you learned in stats 101. Sincerely, someone working in the field for last 7 years.
jimbojet
·5 ปีที่แล้ว·discuss
Me replying to my boss in chat when I first started working: “Yes I agree, thank you for the feedback”.

Me replying to my boss literally today: “lmao true”
jimbojet
·5 ปีที่แล้ว·discuss
What’s the p-value on this bad boy? Also I wonder if they controlled for confounding factors. Ones I can think of are: “Thanks” more likely on emails containing requests, which inherently requires response if from colleague; personality could dictate which valediction you choose, which could also be reflected on how you wrote your email; whether “Best” and “Thanks” are used can be very cultural - eg everyone at Microsoft uses “Thanks” ONLY, and it would be very weird to see a “Best” and extremely rare to see a “Cheers”, those same communities may happen to have a larger response rate since some companies have better email culture, thus given their non-random sampling since they just used the responses from a small handful of online communities, that could bias results.
jimbojet
·5 ปีที่แล้ว·discuss
User count is fairly meaningless. How much was that in daily active / weekly active users? How many of those were bot / spammer accounts being “seasoned” to then sell to abusers?
jimbojet
·5 ปีที่แล้ว·discuss
As someone who worked on reputation at Microsoft, it sounds like a bad case of the right hand not talking to the left. Outlook SmartScreen judgment should be available to tier 3 support along with the IP block list check as a primary investigation step. The author should not have needed to go through tier 3 on two tickets before escalating to someone who had visibility into SmartScreen judgments. Hopefully this blog gets some publicity and Microsoft support amends their investigation process, as I’m sure the author is not the only person running into this issue.

All opinions are my own and not that of Microsoft.
jimbojet
·5 ปีที่แล้ว·discuss
Better than trusting the perimeter. A single breach in a “trustful” intranet still results in full network compromise. Best to assume breach and work from there. Hating on zero trust is non-sensical to me, feels like the same as hating on security.
jimbojet
·5 ปีที่แล้ว·discuss
If I were to guess, conversion rate on phishing sites
jimbojet
·5 ปีที่แล้ว·discuss
Probably conversion rate on phishing sites