HackerTrans
TopNewTrendsCommentsPastAskShowJobs

itscrush

no profile record

comments

itscrush
·4 ay önce·discuss
Usually through service accounts. Those are single factor.
itscrush
·10 ay önce·discuss
Monetize first is their strategy given this included statement:

> Our future plans include letting you save a secure backup archive to the location of your choosing
itscrush
·12 ay önce·discuss
Looks like AdGuard allows for same, thanks for mentioning dnsmasq support! I overlooked it on setup.
itscrush
·geçen yıl·discuss
Certainly doable, grapheneOS has it https://grapheneos.org/features#duress.
itscrush
·geçen yıl·discuss
Wrong. Their profile clearly states high school teacher. Why assume?
itscrush
·geçen yıl·discuss
Wiz is closer to the CNAPP field instead of the software composition analysis tools you mention, Snyk would fit here for SCA.

Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.
itscrush
·geçen yıl·discuss
Wiz uses various API's via read access in your accounts/orgs/subscriptions to assess risk of configuration.

They also snapshot your disks, cloning them to Wiz accounts to provide secrets scanning / vuln scanning / etc against your infra.

These resulting risks / findings are scored and provided in their SAAS Wiz console via dashboards / APIs / integrations with remediation guidance.
itscrush
·geçen yıl·discuss
Yes folks do and I can't understand it either. Have asked / talked through their rationale but frankly humans are irrational is my clear takeaway. I experience it mostly when folks are prompting search in family settings. These usually overlap with the no-earbuds watch-videos crowd while others are reading / napping, etc.
itscrush
·geçen yıl·discuss
Certainly not the UK, they're spearheading much of the privacy problem.
itscrush
·geçen yıl·discuss
Bitwarden for usability. Vaultwarden if you can and prefer to self host. Being on the internet you'll have to trust someone at some point. Can reduce risk by combining strong 2FA (not SMS/Email) alongside backing up your vault.

Ensure all your passwords get reset at some point after vaulting, long randomly generated from Bitwarden extension/app is easy enough. Ensure you enable strong 2FA at each service you have an account at too.

https://bitwarden.com/help/setup-two-step-login/ https://bitwarden.com/resources/guide-how-to-create-and-stor...
itscrush
·geçen yıl·discuss
> I am using CloudFlare for my DNS.

Based on this it sounds like you exposed your resource and advertised it for others. Reverse dns, get IP, scan IP.

Probably simpler, you exposed resource on IPV4 publicly, if it exists, it'll be scanned. There's probably 100s of companies scanning entire 0.0.0.0/0 space at all times.
itscrush
·geçen yıl·discuss
Why isn't your name in your profile here or why aren't you easily identified if that's the case? You're not all that identifiable here.
itscrush
·geçen yıl·discuss
1. Is github the best place to report bugs / issues for Waterfox?

2. When (not in your lifetime obviously) Waterfox is broken, what canaries do you have deployed that we can archive now, like Mozilla's tell here?

3. What keeps waterfox afloat? Where/how do you accept funds?

4. How do I find a sync alternative or provide my own? Such that, I'm not reliant on Mozilla sync/backend? ... If none exists, how much would it cost for you to embed one? Would you accept a serious bounty for it assuming the focus is self hosted / no Waterfox backend services?
itscrush
·geçen yıl·discuss
Veracrypt works just fine on M$ Windows 11 for FDE.
itscrush
·geçen yıl·discuss
Same play as the meat industry leveraging "data analytics" to fix and sort at https://www.agristats.com/.

[1]https://www.justice.gov/archives/opa/pr/four-states-join-jus...

[2]https://farmaction.us/2023/10/12/food-price-fixing-is-still-...
itscrush
·geçen yıl·discuss
The security community used to maintain one that was fairly active pre-covid.

https://github.com/PaulSec/awesome-sec-talks
itscrush
·geçen yıl·discuss
Is the best counter here to acquire a brand tld to operate themselves (setting aside all the linkrot it generates)? They've certainly got the resources when you compare against other brand tlds that this could have been an option.
itscrush
·geçen yıl·discuss
The tld it's dependent on doesn't fall within these parameters. They also don't own and operate the .cc TLD do they?
itscrush
·2 yıl önce·discuss
API based credentials are just username + password in this context, nothing else seems to be restricting access to data. So if your Snowflake tenant isn't enforcing IP restriction to limit source auth attempts, those creds can be used to pull the data from any source IP.

Even then, you'll still have an HTTP 403 response layer filtering those auth attempts based on IP... where we can assume these failed to implement it.

So far between TechCrunch, Wired, and other reporting it seems most claim creds get owned, sold, then used against under-restrictive Snowflake tenants which are exposed by default.

i.e; https://epa06486.snowflakecomputing.com/console/login#/ here's someone's tenant, if you were able to go buy some creds for it, should walk right in.

[edit] I have a more detailed Snowflake comment with references that might fill in better gaps here; https://news.ycombinator.com/item?id=40554753