HackerTrans
TopNewTrendsCommentsPastAskShowJobs

johncoatesdev

36 karmajoined 8 年前

Submissions

Who's Actually Running That Robot?

bostonglobe.com
2 points·by johncoatesdev·25 天前·0 comments

comments

johncoatesdev
·10 小時前·discuss
With a IDA Pro decompiler license & MCP server, paired with Codex/Claude Code... it would be a fun side quest.
johncoatesdev
·7 個月前·discuss
You last-minute cancelled coffee with your friends to work on this? I'm not sure how I would feel if a friend did that to me.
johncoatesdev
·8 個月前·discuss
Yes, but the advice shouldn't be "Never scan QR codes", it's more like: "be aware of dodgy QR codes by looking at the context in which it's placed".
johncoatesdev
·8 個月前·discuss
And how exactly do you plan to forge the SSL certificates to deliver your filtered contents?
johncoatesdev
·8 個月前·discuss
It's funny your warning about QR codes goes onto warn about PDF exploits. Yet you clicked the link to this article, by your own definition opening you up to "a whole different world of possible exploitations via whatever file is being returned". It's the nature of the internet to follow links, but our updated browsers keep us safe from exploits.

When was the last time you saw an un-targeted mass 0-day exploit campaign? There haven't been any for modern browsers. If we're talking about 0-days, you likely known there have been zero-click iMessage/WhatsApp vulnerabilities in the past. There's no protecting against those, but you're not here warning users to disable iMessage and WhatsApp. What's more realistic is making sure users keep their software updated, and trust that QR codes and links aren't going to waste a 0-day worth a million dollars on you.
johncoatesdev
·8 個月前·discuss
Updating software is good advice. Do you realize how many CVEs are reported on a daily basis? Once you've got a password manager you're largely protected against phishing, so the biggest target becomes your computer, and the most likely way to compromise that would be through outdated software with public vulnerabilities.

What do you expect your browser security levels to the max to do? Browsers are designed to be secure from default settings.
johncoatesdev
·8 個月前·discuss
It's completely the opposite of "use one password for everything". When you do that any single compromise of a website you have an account on means all your accounts are likely compromised. With a password manager you have a long random password for every single website, meaning a compromise is siloed to just that site.

Even if your password vault is stored on the cloud you're likely using a very secure passphrase for it that has 0 reuse anywhere else, so even if your password vault is stolen it's impossible to brute force.

For a hacker to comprise your password vault it would likely involve hacking your computer, which if you're keeping your software updated is a very difficult task these days without the target user's active help.