Hacker News: Bnshsysjabhttps://news.ycombinator.com/user?id=BnshsysjabHacker News RSShttps://hnrss.org/hnrss v2.1.1Thu, 11 Jun 2026 04:49:31 +0000<![CDATA[New comment by Bnshsysjab in "Opensnitch, application level interactive firewall, heading into Debian"]]>How does this work on a technical level? What stops an app bypassing the firewall?

]]>Mon, 23 Jan 2023 05:02:11 +0000https://news.ycombinator.com/item?id=34485677Bnshsysjabhttps://news.ycombinator.com/item?id=34485677https://news.ycombinator.com/item?id=34485677<![CDATA[New comment by Bnshsysjab in "Samsung Ads – Demand-Side Platform"]]>Because TVs rapidly get outdated and die. If nothing else the 2inch thick bezels are an eye sore.

Just because I don’t care about 4K doesn’t mean I don’t care about image quality. I’d prefer 1080p@60 over 4k@30.

]]>Fri, 02 Oct 2020 22:57:37 +0000https://news.ycombinator.com/item?id=24667878Bnshsysjabhttps://news.ycombinator.com/item?id=24667878https://news.ycombinator.com/item?id=24667878<![CDATA[New comment by Bnshsysjab in "Samsung Ads – Demand-Side Platform"]]>720 to 4K is not the same as 480p to 720. The latter is far more noticeable. Most of the world hasn’t moved to 4K, I don’t see a huge amount of value in it personally.

]]>Fri, 02 Oct 2020 20:14:36 +0000https://news.ycombinator.com/item?id=24666595Bnshsysjabhttps://news.ycombinator.com/item?id=24666595https://news.ycombinator.com/item?id=24666595<![CDATA[New comment by Bnshsysjab in "Luna – Cloud gaming service"]]>You’re missing the point. Most people don’t want to download a video instead of streaming directly, which is a far lower barrier than procuring equipment, dealing with compatibility issues, doing system updates etc. I doubt competitive gamers will ever move across but it hugely reduces the barriers for casual or time poor gamers.

]]>Fri, 25 Sep 2020 03:18:00 +0000https://news.ycombinator.com/item?id=24586249Bnshsysjabhttps://news.ycombinator.com/item?id=24586249https://news.ycombinator.com/item?id=24586249<![CDATA[New comment by Bnshsysjab in "MalwareBazaar – Malware Sample Exchange"]]>That’s a fair point.

]]>Thu, 24 Sep 2020 04:52:53 +0000https://news.ycombinator.com/item?id=24575362Bnshsysjabhttps://news.ycombinator.com/item?id=24575362https://news.ycombinator.com/item?id=24575362<![CDATA[New comment by Bnshsysjab in "MalwareBazaar – Malware Sample Exchange"]]>As a side note, and I’ll create a separate thread: say my host is comprised by super sophisticated malware, aside from a reformat what other sanitisation practices can I do? Can I ever trust the hardware again? I don’t think we’re at a point where a firmware compromised graphics card can’t reinfect the processor?

]]>Wed, 23 Sep 2020 23:50:26 +0000https://news.ycombinator.com/item?id=24573667Bnshsysjabhttps://news.ycombinator.com/item?id=24573667https://news.ycombinator.com/item?id=24573667<![CDATA[New comment by Bnshsysjab in "MalwareBazaar – Malware Sample Exchange"]]>If you wanna go a little bit more paranoid, use a dedicated host to virtualise those machines and connect to the host via RDP/whatever, that should create another layer of safety.

]]>Wed, 23 Sep 2020 23:47:08 +0000https://news.ycombinator.com/item?id=24573633Bnshsysjabhttps://news.ycombinator.com/item?id=24573633https://news.ycombinator.com/item?id=24573633<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>No the risk is that somebody has decided to disregard security and general security process and create shadow IT, which if left unchecked will create massive problems within the organisation long term. If the culture is to disregard security, throw a waf infront and call it a day then they’ll pay for it financially (and possibly legally) in the long run and not something I’d want to associate with at all.

]]>Mon, 21 Sep 2020 01:38:42 +0000https://news.ycombinator.com/item?id=24538961Bnshsysjabhttps://news.ycombinator.com/item?id=24538961https://news.ycombinator.com/item?id=24538961<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>Nah you pull it offline and tell them to follow correct procurement and development practices. If your development teams aren’t talking to your security teams you have bigger problems than Wordpress.

]]>Sun, 20 Sep 2020 12:15:16 +0000https://news.ycombinator.com/item?id=24533551Bnshsysjabhttps://news.ycombinator.com/item?id=24533551https://news.ycombinator.com/item?id=24533551<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>You need to tweet your view of security requirements if you want to provide IT functions to users. Yes they are a nice to have, yes the cost of a data breach either to you or the user are highly damaging.

There’s nothing stopping most industries doing something stupid in the current state of things but I’m sure there will be in the future, you should be legally liable for your consumer data, irrespective of if you’re ‘nontechnical people running old versions of off the shelf software’ or not, mistakes happen, but failing the most obvious stuff in infosec is, IMO, criminally negligent. Waf or not.

]]>Sat, 19 Sep 2020 12:49:34 +0000https://news.ycombinator.com/item?id=24527071Bnshsysjabhttps://news.ycombinator.com/item?id=24527071https://news.ycombinator.com/item?id=24527071<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>See comment on parent.

]]>Sat, 19 Sep 2020 12:45:18 +0000https://news.ycombinator.com/item?id=24527042Bnshsysjabhttps://news.ycombinator.com/item?id=24527042https://news.ycombinator.com/item?id=24527042<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>I think ‘stop wasting time on dumb stuff and focus on actual security’ is a good take home for the HN crowd. Time and money is finite, so spend it wisely.

]]>Sat, 19 Sep 2020 10:15:37 +0000https://news.ycombinator.com/item?id=24526392Bnshsysjabhttps://news.ycombinator.com/item?id=24526392https://news.ycombinator.com/item?id=24526392<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>No it’s not recommending snake oil and telling them to do things properly instead I don’t. Care if that makes the security industry dry up, my only hope is that if it does the snake oil salespeople die with it.

]]>Sat, 19 Sep 2020 09:10:53 +0000https://news.ycombinator.com/item?id=24526183Bnshsysjabhttps://news.ycombinator.com/item?id=24526183https://news.ycombinator.com/item?id=24526183<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>I’ll ignore your condescending dribble but:

> Let’s also not forget that there is good money to be made off consulting for those companies that are “fucked”

Where the hell are your ethics?

]]>Sat, 19 Sep 2020 08:58:58 +0000https://news.ycombinator.com/item?id=24526149Bnshsysjabhttps://news.ycombinator.com/item?id=24526149https://news.ycombinator.com/item?id=24526149<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>Or maybe I’m just not scraping bottom of the barrel when it comes to security assessments. If the software is at that point the organisation is well and truly fucked, waf or not.

]]>Sat, 19 Sep 2020 07:09:31 +0000https://news.ycombinator.com/item?id=24525760Bnshsysjabhttps://news.ycombinator.com/item?id=24525760https://news.ycombinator.com/item?id=24525760<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>What if the payload is ‘a,b’ which renders as

Select a, b from foo;

]]>Fri, 18 Sep 2020 23:34:16 +0000https://news.ycombinator.com/item?id=24522909Bnshsysjabhttps://news.ycombinator.com/item?id=24522909https://news.ycombinator.com/item?id=24522909<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>Right but I’m the context of antivirus you’re executing unconstrained data in an unconstrained environment, in appsec you can handle data correctly rather than rely on a third party product that can’t contextualise or assess the impact of a payload on your application. I work in appsec and think WAF filtering is snake oil.

]]>Fri, 18 Sep 2020 23:33:08 +0000https://news.ycombinator.com/item?id=24522901Bnshsysjabhttps://news.ycombinator.com/item?id=24522901https://news.ycombinator.com/item?id=24522901<![CDATA[New comment by Bnshsysjab in "How I bypassed Cloudflare's SQL Injection filter"]]>I hate these kind of defenses. If your application is vulnerable to sqli, select is one of many tools an attacker can use and you’re pretty much screwed anyway.

Instead, use sane tooling, like modern ORMs and parameter izers, with some data sanitation if you’re really paranoid.

]]>Fri, 18 Sep 2020 23:29:32 +0000https://news.ycombinator.com/item?id=24522876Bnshsysjabhttps://news.ycombinator.com/item?id=24522876https://news.ycombinator.com/item?id=24522876<![CDATA[New comment by Bnshsysjab in "Super Mario Bros. 3 in 3 Minutes – World Record Speedrun Explained [video]"]]>Also be sure to check out the super Mario world flappy bird code injection:

https://youtu.be/hB6eY73sLV0

]]>Sun, 13 Sep 2020 06:54:52 +0000https://news.ycombinator.com/item?id=24458960Bnshsysjabhttps://news.ycombinator.com/item?id=24458960https://news.ycombinator.com/item?id=24458960<![CDATA[New comment by Bnshsysjab in "The Unix timestamp will begin with 16 this Sunday"]]>2037 is a potential overflow, I believe. I imagine only pre 2000 systems would likely be affected.

]]>Sat, 12 Sep 2020 15:15:22 +0000https://news.ycombinator.com/item?id=24453104Bnshsysjabhttps://news.ycombinator.com/item?id=24453104https://news.ycombinator.com/item?id=24453104