d4n
|
6 years ago
|
on: Zoom has a signed binary that runs any unsigned script
Hey! I posted this. Just want to be clear it still pops up and asks the user to authenticate as seen in the original post. Tried to clarify this in the thread I don’t want people to get confused and think this is worse than it is. Still really weird and follows malware patterns. Most likely not a gatekeeper bypass or anything because delivery would be difficult but seemed like a sketchy decision to basically write their own sudo tool into the pre install scripts.
d4n
|
6 years ago
|
on: “We found PayPal vulnerabilities and PayPal punished us for it”
Unfortunately, for many companies, bug bounty programs have been the best invention in silencing security research and CVEs. They promise the world, beat you down on severity / payouts, sometimes just claim duplicate or known issue with no way to verify, and then block public disclosure. Very frustrating.
d4n
|
6 years ago
|
on: Ask HN: HNers, where do you hang out online in your spare time?
Discord, Reddit
d4n
|
6 years ago
|
on: Ask HN: Does your company offer commission for engineers?
There's a big difference though between "I helped scope the work and talk with the prospect / demo / whatever" vs. "I was the sole source of this customer and made the introduction." I don't mind bringing something to a friend if they're likely to be genuinely interested in it, but it seems weird for sales to be like "can you introduce me to your connection on LinkedIn."
d4n
|
6 years ago
|
on: Rtty – Access a device’s terminal from anywhere via the web
I have gotten around this by hosting SSHD on web ports before, or going through a SOCKS proxy.
