HackerTrans
TopNewTrendsCommentsPastAskShowJobs

oliversild

no profile record

Submissions

[untitled]

1 points·by oliversild·2 tháng trước·0 comments

[untitled]

1 points·by oliversild·3 tháng trước·0 comments

[untitled]

1 points·by oliversild·6 tháng trước·0 comments

Critical RCE patched in Imunify360 affects up to 50M+ websites

patchstack.com
7 points·by oliversild·8 tháng trước·0 comments

Web hosts struggle to protect against WordPress vulnerabilities

patchstack.com
3 points·by oliversild·11 tháng trước·0 comments

$14.4K bounty paid for WordPress plugin vulnerability

patchstack.com
2 points·by oliversild·2 năm trước·0 comments

The State of WordPress Security 2024

patchstack.com
1 points·by oliversild·2 năm trước·0 comments

What Is Going on in China?

15 points·by oliversild·4 năm trước·10 comments

PHP Object Injection via Insecure Instantiation

patchstack.com
1 points·by oliversild·4 năm trước·0 comments

What if we have NFT ownership not stored on blockchain?

twitter.com
2 points·by oliversild·4 năm trước·3 comments

[untitled]

1 points·by oliversild·4 năm trước·0 comments

comments

oliversild
·2 tháng trước·discuss
Most WordPress websites have been holding relatively low value. Most are marketing landing pages and blogs. So the biggest gain for hackers have been the access to server resources to host phishing pages, redirect traffic, inject SEO spam and to build botnets (used to orchestrate DDOS attacks etc).

Now, WordPress 7.0 was just launched where you can connect Anthropic, OpenAI and Google Gemini models to automate pretty much anything on the website. Powerful, but also puts a massive target on its back. The ROI of hacking a random WordPress site just skyrocketed.

We’ll see how this plays out. But if this gets popular and people will start connecting their AI API keys to the sites then the amount of attacks we see against WordPress sites will grow exponentially. There will be new attack vectors invented, more supply chain attacks and significantly more vulnerabilities found in plugins.
oliversild
·năm ngoái·discuss
7966 vulnerabilities found, 33% unpatched when disclosed. 99.9% of those vulnerabilities are coming from third-party plugins/themes. Plugin developers really need to step up their security game.
oliversild
·4 năm trước·discuss
I'm not a blockchain developer, nor am I by any means a blockchain or NFT expert (maybe I shouldn't be even talking about this), but I can't figure out why we need blockchain so bad for storing proof of digital assets..

As far as I've understood - NFTs anyways rely on off-blockchain infrastructure that you have to trust your assets to (i.e opensea hosting your picture on their decentralised storage). So isn't the 100% trust/transparency/integrity that you seek from blockchain already somewhat compromised? i.e maybe there's a catastrophic hardware error that wipes all servers where the pictures are stored, big oopsie, no backups.

Meanwhile having blockchain as a storage for ownership records make owning digital assets quite annoying actually. I need to first figure out how to get a wallet, then transfer USD to buy some CC, then potentially pay ridiculous fees to make the transaction and then wait for the transaction to go through. If I invest into NFTs and want to earn return, then probably at one point I need to pay all those fees again to get my USD back. Also there are so many steps where a small typo can ruin your day and also good luck getting your granny to do it. Oh, and all that computing power that is needed.

So... since I already need to trust off-blockchain entity to host my digital asset linked to the NFT, why can't I just trust them (or some other neutral party) to keep a public database of which assets are owned by which public keys. I would still have my wallet of my private keys and can verify my ownership all over the internet.

Maybe it would be a good alternative for NFTs that are for people who don't care about the blockchain and have no problem to trust a third-party organisation to keep track of ownership? In return, it would require less resources (as blockchain could be replaced with any SQL database really), transactions would be instant, fees could be fixed by the marketplace, payments could be made directly with USD or what ever currency. You can still prove your ownership around the web if you own the matching private key... and it's still as "CRYPTO" as NFTs.

Let's say I will make such marketplace. It is maintained by a democratic NGO (funded by marketplace fees) and the database of key/asset ownership is public, it's regularly publicly audited for integrity, etc (basically let's say it's trustworthy enough). Now you can upload any asset and connect ownership to a public key there. If you own the private key, then you can sell/trade, auction, etc the ownership of your item to someone else (just changing the public key who owns the asset on the DB). Would those assets be still as valuable as some of the NFTs are today? Would not using blockchain make these assets somehow less valuable? If the same art would be less valuable on such marketplace, that would open up an entire separate can of worms regarding what is actually creating the value then..

Anyways, I'm not trying to say that blockchain sucks and I wouldn't even have the expertise to make any such claims, but I'm having hard time to understand why do we trust a company to store our assets, but not to storage ownership logs/proof?

Why don't we have an alternative for people who don't have any problems with trusting someone for keeping the database of digital asset ownership. It would be a great alternative that would serve the exact same goal, but would be faster, greener, less expensive, etc.

¯\_(ツ)_/¯
oliversild
·4 năm trước·discuss
Patchstack.com (protects website from dependency/plugin vulnerabilities with automatic vpatches) is hiring:

- Front-end developer (Vue) - Backend developer (PHP/Laravel) - Threat Analyst (webappsec/ ability to do code-review)

Full-time remote, but we do currently look for people in EEST (+- 2 hours)

Just email [email protected]