Hacker News: Jlleitschuh

Digital Travel App TripBFF Exposed Location Data Way Too Accurately

Jlleitschuh — Sun, 11 Jan 2026 18:22:46 +0000

Article URL: https://medium.com/bugbountywriteup/digital-travel-app-tripbff-exposed-location-data-way-too-accurately-524cd0792a7d

Comments URL: https://news.ycombinator.com/item?id=46578136

Points: 1

# Comments: 0

What's an OSS Vulnerability Janitor?

Jlleitschuh — Thu, 31 Jul 2025 16:57:22 +0000

Article URL: https://infosecwriteups.com/what-is-a-oss-vulnerability-janitor-b7ab176bdd3f

Comments URL: https://news.ycombinator.com/item?id=44747578

Points: 1

# Comments: 0

Burn It with Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability

Jlleitschuh — Wed, 02 Jul 2025 16:58:13 +0000

Article URL: https://medium.com/@jonathan.leitschuh/burn-it-with-fire-how-to-eliminate-an-industry-wide-supply-chain-vulnerability-12515516fb56

Comments URL: https://news.ycombinator.com/item?id=44446067

Points: 1

# Comments: 0

The 160-Comment Fight to Fix SnakeYAML's RCE Default

Jlleitschuh — Thu, 05 Jun 2025 15:15:17 +0000

Article URL: https://infosecwriteups.com/️-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c

Comments URL: https://news.ycombinator.com/item?id=44192485

Points: 3

# Comments: 0

New comment by Jlleitschuh in "When Open Source Isn't: How OpenRewrite Lost Its Way"

Jlleitschuh — Wed, 14 May 2025 18:51:35 +0000

Moderne quietly relicensed community-contributed OpenRewrite code from Apache 2.0 to a proprietary license, abandoning its open source commitments. This decision risks legal exposure, undermines community trust, and sets a dangerous precedent for OSS stewardship.

When Open Source Isn't: How OpenRewrite Lost Its Way

Jlleitschuh — Wed, 14 May 2025 18:51:35 +0000

Article URL: https://medium.com/@jonathan.leitschuh/when-open-source-isnt-how-openrewrite-lost-its-way-642053be287d

Comments URL: https://news.ycombinator.com/item?id=43987976

Points: 5

# Comments: 3

New comment by Jlleitschuh in "Falsehoods People Believe about CVE's"

Jlleitschuh — Mon, 14 Apr 2025 16:04:22 +0000

Inspired by Falsehoods Programmers Believe About Names, this is a list of things people (wrongly) believe about CVEs. Some are naive. Some are overly optimistic. A few are just wishful thinking.

Falsehoods People Believe about CVE's

Jlleitschuh — Mon, 14 Apr 2025 16:04:22 +0000

Article URL: https://medium.com/@jonathan.leitschuh/falsehoods-people-believe-about-cves-85c1d063ffda

Comments URL: https://news.ycombinator.com/item?id=43682805

Points: 3

# Comments: 2

New comment by Jlleitschuh in "Codecov Bash Uploader compromised"

Jlleitschuh — Thu, 15 Apr 2021 21:07:59 +0000

Curious how you found that. Great find though. This is the exact line:

https://gist.github.com/davidrans/ca6e9ffa5865983d9f6aa00b7a...

New comment by Jlleitschuh in "Ask HN: Remote repos being used for C2 botnet, or VMS scan?"

Jlleitschuh — Mon, 19 Aug 2019 17:46:47 +0000

As a company working for one of the companies impacted by this weirdness we are just as concerned about the potential implications here as you are. We have followed up with JFrog about this and are waiting for a response from them about this.

I'm glad others are seeing these weird things too and it's giving them pause as well.

New comment by Jlleitschuh in "Vulnerability in the Mac Zoom client allows malicious websites to enable camera"

Jlleitschuh — Tue, 09 Jul 2019 07:22:13 +0000

Thanks for being cool!

New comment by Jlleitschuh in "Vulnerability in the Mac Zoom client allows malicious websites to enable camera"

Jlleitschuh — Tue, 09 Jul 2019 03:41:20 +0000

If you want to see some part of this fixed, please UPVOTE this issue:

https://github.com/mozilla/standards-positions/issues/143

New comment by Jlleitschuh in "Vulnerability in the Mac Zoom client allows malicious websites to enable camera"

Jlleitschuh — Tue, 09 Jul 2019 01:25:51 +0000

Hi I'm the author, AMA

Or come hang out in the party chat!

Use the exploit to join: https://jlleitschuh.org/zoom_vulnerability_poc/zoompwn_ifram...

New comment by Jlleitschuh in "Want to take over the Java ecosystem? All you need is a MITM"

Jlleitschuh — Mon, 10 Jun 2019 22:45:21 +0000

Oh hey! My article got shared here! Awesome!

I'm the author. AMA!