Hacker News: Magicstatic

Android Goes All-In on Fuzzing

Magicstatic — Tue, 29 Aug 2023 20:33:49 +0000

Article URL: https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html

Comments URL: https://news.ycombinator.com/item?id=37313603

Points: 2

# Comments: 0

New comment by Magicstatic in "FCC threatens to disconnect Twilio for illegal robocalls"

Magicstatic — Sun, 29 Jan 2023 18:45:46 +0000

I use Lookify.io which lets you look up a carrier without creating an account - you can also see if anyone else flags it as spammy but who knows if the reports are anything other than anecdotal

New comment by Magicstatic in "Overview of the 555-XXXX phone number"

Magicstatic — Mon, 14 Nov 2022 02:23:11 +0000

This is the craziest part of the whole article - imagine you wanted to own something like "555-FOOD" - to have this vanity number work in every area code, you'd be looking at hundreds of thousands of dollars (annually?) if you used Verizon to route the calls

New comment by Magicstatic in "Security researcher receives $1M bug bounty for saving company from $350M bug"

Magicstatic — Fri, 27 Aug 2021 19:16:46 +0000

Link to company confirming payment: https://twitter.com/josephdelong/status/1431314816698916865

Link to researcher writeup: https://www.paradigm.xyz/2021/08/two-rights-might-make-a-wro...

Security researcher receives $1M bug bounty for saving company from $350M bug

Magicstatic — Fri, 27 Aug 2021 19:11:07 +0000

Article URL: https://twitter.com/jon_bottarini/status/1431332757351845889

Comments URL: https://news.ycombinator.com/item?id=28331827

Points: 53

# Comments: 5

New comment by Magicstatic in "Apple explicitly asks employees to merge their personal and work accounts"

Magicstatic — Fri, 20 Aug 2021 04:12:37 +0000

This has been refuted and is simply misleading: https://twitter.com/jon_bottarini/status/1428569700859056129

New comment by Magicstatic in "Goldman seems to be running networking software from 2008"

Magicstatic — Wed, 30 Jun 2021 14:23:57 +0000

Anecdote: Out of every bank and financial institution I have ever tried hacking (ethically, as part of bug bounty programs) Goldman Sachs is hands down, without a doubt, the most secure externally. By a long shot. They have what basically amounts to a central authentication service that 95% of their public facing IP’s resolve to. Their sub domains are locked down, they have a reasonably good patch schedule, they swiftly denylist your IP after running light scanners - it’s not a joke. I challenge you to find a vulnerability - when you do - get some money for it: https://hackerone.com/goldmansachs

New comment by Magicstatic in "I’ve had the same supper for 10 years"

Magicstatic — Sat, 08 May 2021 04:11:19 +0000

Many of us including myself are unable to fathom living a life like this, but I imagine this man will die in peace with a flock of sheep to his name, listening to the cuckoos.

And he will be just as happy (if not happier) as any of us reading this article.

New comment by Magicstatic in "Changes at Basecamp"

Magicstatic — Tue, 27 Apr 2021 02:23:55 +0000

Sincere question - not meant to be inflammatory: Do you actually believe that most employees in the United States are coerced/forced to sign employment contracts, or are you simply playing devil's advocate?

New comment by Magicstatic in "EFF's reply to cease-&-desist letter – “Virtual Coachella” parody video"

Magicstatic — Thu, 08 Apr 2021 16:38:04 +0000

My favorite part of this response is in the footnote on page two, which states:

>If your client sincerely fears that this depiction is too realistic to be perceived as parody, Krazam’s video should be the least of its reputational concerns.

Followed by screenshots from the video showing the DocuSign "Docustage" and Meme Center (Sponsored by GE). At the end of the video itself, the Coachella participant is banned from the event because their "vibes are not compliant with the Coachella policy".

Glad EFF stepped in here to protect small creators such as this one.

EFF's reply to cease-&-desist letter – “Virtual Coachella” parody video

Magicstatic — Thu, 08 Apr 2021 15:55:15 +0000

Article URL: https://www.eff.org/ar/document/eff-letter-re-virtual-coachella-video

Comments URL: https://news.ycombinator.com/item?id=26740323

Points: 230

# Comments: 35

New comment by Magicstatic in "Look Up Unknown Phone Numbers Using Facebook Reset Password"

Magicstatic — Mon, 04 Jan 2021 17:37:56 +0000

Is this a security problem? Depends on who you ask - but I'm willing to bet it would fall into the "accepted risk" category for the Facebook security team if they had to evaluate this.

The reality is that phone number lookup services are available all over the web which provide even more information (first+last name, address, zip code, social media profile links, etc etc etc) for free (https://www.bestfreephonelookup.com/phone-number/ as an example) - these services get their info from data aggregators and usually - your carrier! I don't see how Facebook exposing (in _limited_, very specific circumstances) the first name of a persons phone number being a security issue.

All the people in this thread screaming GDPR violation don't understand that if someone decides to stop using Facebook and delete their account, this method to lookup someone will not work. Sidenote: If you're really paranoid about having your phone number expose your real name when you're using any type of service online, just sign up for a Google Voice (voice.google.com) account and link it to your cell phone - I use this whenever I sign up for anything online and it saves me a ton of spam and scam calls.

EDIT: Facebook removed the ability to use the in-app search box in Facebook to find people based on just a phone number, this has been removed for at least 2 years.

City of Tucson, AZ invites remote workers with over $7,500 in benefits

Magicstatic — Wed, 02 Dec 2020 22:50:41 +0000

Article URL: https://www.startuptucson.com/remotetucson

Comments URL: https://news.ycombinator.com/item?id=25282828

Points: 3

# Comments: 0

New comment by Magicstatic in "How did I hack Sizmek?(an Amazon company)"

Magicstatic — Thu, 21 May 2020 00:13:14 +0000

I don’t even know where to start with this post:

- This isn’t even necessarily a hack. At best, this is a mild inconvenience to the user accounts that you are locking out, on what appears to be a legacy system, due to a quasi-brute force.

- You are “hacking” this company, without their permission, because you want “payback” that Amazon didn’t hire you for what you perceive to be a racially opinionated interviewer. Despite whether this theory (yes, it is purely speculation) is true or not, I would imagine this is HR 101 and a company as large as Amazon would go to great lengths to ensure that this is not the case.

- Your sense of entitlement goes even further, despite having illegally “hacked” a company, after all of this you expect a payment from them?

If anything, this post reaffirms that they made the right decision in not hiring you for the role you were being considered for, and guarantees that you won’t have an opportunity to interview again.

New comment by Magicstatic in "How Apple's Screen Time is outsmarted by kids, frustrating parents"

Magicstatic — Wed, 16 Oct 2019 00:44:10 +0000

What’s peculiar about this is that parental restrictions itself on iOS has always been flawed, Apple knew about it, and it’s still an issue to this day. The sole purpose of parental restrictions on iPhone was to block adult websites... and that worked as well as you can imagine: https://www.jonbottarini.com/2017/03/09/bypassing-apples-ios...