batram's comments

batram | 11 years ago | on: Ask HN: Maybe found huge security problem, unsure what to do

In cases like this I adopted a best-effort policy: look for contact information on the site and via Google ("company-name security"). If I find a (simple and quick) way to contact the company I send them a simple report. If there is no way or no easy way to contact them, I am done and they get nothing.

You stated that you sent them two messages via a form dedicated to reporting security vulnerabilities and even tried to call them. I think you have done more than enough and can relax and wait. (Don't bombard them with too many emails.)

Some in these comments say that you might get sued. As long as you don't publish or threaten to publish the vulnerability, I don't see that happening (but then again IANAL).

It is always exciting when you find (your first) vulnerabilities on "high value" targets, but at the end of the day a layman might not realize that most of the websites even in the Top 100 on Alexa have some security problems.

If you personally use the site and fear for your security, you may want to try a bit harder. For example I have tried multiple times to let my bank know about a vulnerability, but never got a satisfactory answer.

batram | 11 years ago | on: Netflix on Linux with Chrome

If you use Ubuntu 14.04 (like me) you have to install a newer version of libnss3 (at least 3.16.2) and then it works.

Runs smoother than pipelight + firefox at least for me.
