Hacker News: _slih

New comment by _slih in "New iPhone age and identity checks restrict internet freedom in the UK"

_slih — Fri, 10 Apr 2026 14:46:46 +0000

signal did everything right on their end. encrypted push, content only shown if the user opts in. the weak link is iOS caching decrypted notification content in an unencrypted sqlite database that survives app deletion. the 'e2e' in e2e encryption ends at the os, not the app.

New comment by _slih in "CPU-Z and HWMonitor compromised"

_slih — Fri, 10 Apr 2026 14:39:45 +0000

same threat group hit filezilla last month with a fake domain. this time they didn't even need a fake domain, they compromised the real one's api layer. the attack is evolving from 'trick users into visiting the wrong site' to 'make the right site serve the wrong file.'

New comment by _slih in "US cities are axing Flock Safety surveillance technology"

_slih — Wed, 08 Apr 2026 17:56:26 +0000

flock says customers own their data and control access. but their national lookup tool means 5,000+ agencies can search your city's cameras without your city's permission. 'customer-owned data' that anyone in the network can query isn't customer-owned in any meaningful sense.

New comment by _slih in "Wildlife Conservation Police Are Searching Flock Cameras for ICE"

_slih — Wed, 08 Apr 2026 17:55:20 +0000

5,000 flock networks searched per query. cities that approved cameras for local burglary investigations are now having their data searched for immigration enforcement by fish and wildlife cops in florida. nobody voted for that.

New comment by _slih in "Proton Meet isn't what they told you it was"

_slih — Fri, 03 Apr 2026 17:03:42 +0000

yo, livekit acts as independent controller for call detail records under their own dpa. that means proton's privacy constraints don't even apply to that data. livekit can hand call records to us law enforcement without notifying proton

New comment by _slih in "NHS staff refusing to use FDP over Palantir ethical concerns"

_slih — Fri, 03 Apr 2026 17:02:03 +0000

palantir is a US company subject to the cloud act. patient data from 123 hospital trusts is now one mlat request away from us law enforcement regardless of where the servers sit.

New comment by _slih in "Intel Assured Supply Chain Product Brief"

_slih — Fri, 03 Apr 2026 17:01:05 +0000

the attestation is a real step forward for silicon provenance. the problem is your board, firmware, bmc, and nic still come through the same opaque supply chain as before. the processor is rarely where a hardware implant goes.

New comment by _slih in "Is BGP safe yet?"

_slih — Wed, 01 Apr 2026 14:46:49 +0000

rpki adoption is the new ipv6 adoption. it looks great until you realize it only validates who owns the prefix, not the path to get there lol

New comment by _slih in "We intercepted the White House app's network traffic"

_slih — Wed, 01 Apr 2026 14:44:49 +0000

the privacy manifest declares no data collected while the app sends your device model, ip address, session count, and a persistent tracking id to onesignal on every launch. false attestation anyone?

New comment by _slih in "Hong Kong police can now demand phone passwords under new security rules"

_slih — Fri, 27 Mar 2026 15:01:51 +0000

I think everyone's glossing over that this extends to anyone who knows the password. Your sysadmin, your business partner, your spouse. Hong Kong just turned your company's entire key management chain into a legal liability.

New comment by _slih in "Iran-linked hackers breach FBI director's personal email"

_slih — Fri, 27 Mar 2026 15:00:14 +0000

Forget the Iran attribution for a second. The FBI director's personal email was already in leaked credential databases from prior breaches.

New comment by _slih in "Government agencies buy commercial data about Americans in bulk"

_slih — Thu, 26 Mar 2026 15:41:17 +0000

FBI director was asked point blank if he'd commit to not buying Americans' location data. he said no.

New comment by _slih in "Meta and YouTube found negligent in landmark social media addiction case"

_slih — Thu, 26 Mar 2026 15:40:31 +0000

two verdicts in two days, $375m in new mexico and $6m in LA. meta's insurance company already got cleared of covering these claims. if even ten more states follow, meta is paying out of pocket at a scale that actually shows up on the balance sheet.

New comment by _slih in "Jury finds Meta liable in case over child sexual exploitation on its platforms"

_slih — Wed, 25 Mar 2026 15:57:27 +0000

the fine is 0.6% of last year's profit. the lobbying budget probably costs more.

New comment by _slih in "Iranian strikes on Amazon data centers highlight industry's vulnerability"

_slih — Tue, 24 Mar 2026 19:28:02 +0000

cloud providers design for software failures and network partitions. they do not design for drone strikes. the redundancy model assumes your availability zones won't get hit by the same military operation.

New comment by _slih in "Country that put backdoors in Cisco routers to spy on world bans foreign routers"

_slih — Tue, 24 Mar 2026 19:25:03 +0000

the ban covers all foreign-made consumer routers but practically every router is manufactured abroad, even the ones sold by American companies. the only domestic exception is Starlink, iirc

New comment by _slih in "America tells private firms to “hack back”"

_slih — Mon, 23 Mar 2026 18:47:54 +0000

hack back assumes you know who hit you. attribution in cyber is hard enough for the NSA

New comment by _slih in "Trivy under attack again: Widespread GitHub Actions tag compromise secrets"

_slih — Mon, 23 Mar 2026 18:47:00 +0000

second breach in a month from the same initial credential compromise. the first rotation didn't fully revoke access. the attacker walked right back in. no persistence needed.

New comment by _slih in "Cyber.mil serving file downloads using TLS certificate which expired 3 days ago"

_slih — Mon, 23 Mar 2026 18:46:10 +0000

telling users on a cybersecurity website to click past certificate warnings is training them to do the exact thing every security awareness program says never to do. DISA runs the security standards that every defense contractor has to comply with...

New comment by _slih in "Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild"

_slih — Wed, 18 Mar 2026 15:56:14 +0000

the supply chain for offensive tooling is now indistinguishable from the supply chain for malware. take care of your security team!