Hacker News: ammar2

New comment by ammar2 in "Web Browsers on Video Game Consoles"

ammar2 — Thu, 11 Jun 2026 17:48:21 +0000

The PS5 also runs apps (games/browser) under a hypervisor. There was a hypervisor escape though coupled with webkit as an entrypoint:

* https://ps5dev.github.io/ps5-wiki/hypervisor

* https://github.com/PS5Dev/Byepervisor

* https://github.com/PS5Dev/PS5-UMTX-Jailbreak/blob/main/READM...

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 18:48:21 +0000

> GitHub runs a great program on HackerOne

I agree, for the record here's my HackerOne profile https://hackerone.com/ammar2/hacktivity?type=user

Just for context, that 2023 bug was initially reported to GitHub's HackerOne program and they explicitly told me it was out of scope for them and to take it to MSRC:

> We have reviewed the report and determined that the vulnerabilities is in VS code and the fix will be implemented by Microsoft. As a result, it is not eligible for reward under the Bug Bounty program. Please follow-up with Microsoft via the report you submitted.

There was also an additional bug that allowed an attacker to exfiltrate private repo contents with a github.dev link that MSRC also marked as not having security impact.

I absolutely loved working with GitHub folks on the GitHub bug bounty program, they're responsive, go into technical details with you and are awesome to deal with. MSRC is like the polar opposite of that.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 16:43:51 +0000

heh, a friend actually pointed out a typo on a first draft and said "maybe you shouldn't fix it to show it's not LLM written".

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 15:36:24 +0000

It's not just based on that, if you read the linked report from 2023 (https://blog.ammaraskar.com/vscode-rce/), I had a bug with the exact same impact of token exfiltration (It did need one additional click on the VSCode interface). They marked it as low severity, fixed it silently, didn't acknowledge that it had security impact and did not provide me any credit much less a bounty.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 13:27:12 +0000

Update as of 3rd June: Microsoft has fixed this with a stopgap fix by adding a confirmation when opening notebooks in web VSCode and not allowing trusted publisher to be skipped by commands (https://github.com/microsoft/vscode/pull/319705).

That's probably one of the fastest responses I've seen from a vendor.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 13:06:10 +0000

You cannot, it doesn't go through the regular OAuth flow. GitHub just automatically grants it a token.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 04:43:51 +0000

1 and 2 are correct, take a look at the PoC repo here: https://github.com/ammaraskar/github-dev-token-steal-poc/tre...

We can try to just put a `my-extension/extension.js` for the most direct execution but the CSP blocks that. It's only a script-src CSP blocking it though, so fetching the package.json is still kosher. So we end up using it to contribute a keybinding instead.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 04:24:49 +0000

Thank you, that's a very kind comment.

I have no interest in selling these vulnerabilities or sitting on them. At the same time, it feels really bad to have a vendor disrespect the hours it can take to make a proof-of-concept by just patching it silently and not crediting you or acknowledging it.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 03:42:11 +0000

> instead of clout

I'm catching up on the infosec twitter side but it seems like it was even worse. A lot of people have the same story as me in 2023 of "they silently patch the bug and don't even credit you" which really stinks.

New comment by ammar2 in "1-Click GitHub Token Stealing via a VSCode Bug"

ammar2 — Wed, 03 Jun 2026 03:38:11 +0000

> it'd be awesome if the in-browser IDE launched with a temporary per-repo permission scope

That's actually exactly what they do for codespaces. The token only has read/write on the repo you activated for the codespace [1]. They should definitely consider doing that for github.dev as well.

[1] https://orca.security/resources/blog/hacking-github-codespac...

1-Click GitHub Token Stealing via a VSCode Bug

ammar2 — Tue, 02 Jun 2026 15:29:05 +0000

Article URL: https://blog.ammaraskar.com/github-token-stealing/

Comments URL: https://news.ycombinator.com/item?id=48371562

Points: 660

# Comments: 101

New comment by ammar2 in "GitHub is investigating unauthorized access to their internal repositories"

ammar2 — Wed, 20 May 2026 16:07:23 +0000

Also, the Github enterprise code is "obfuscated" but it uses a trivially reversible method just meant to be a minor roadblock. After you get past that you get the full ruby source code, no minification or anything.

For a while the key was literally:

> This obfuscation is intended to discourage GitHub Enterprise customers from making modifications to the VM. We know this 'encryption' is easily broken.

New comment by ammar2 in "Composer leaks contents of tokens configured as GitHub OAuth tokens"

ammar2 — Wed, 13 May 2026 20:16:13 +0000

Aah, the newlines were the thing I was missing. That makes sense then.

New comment by ammar2 in "Reverting the incremental GC in Python 3.14 and 3.15"

ammar2 — Wed, 13 May 2026 20:09:20 +0000

PEPs aren't necessarily just for language changes, e.g https://peps.python.org/pep-0436/ which is largely a CPython implementation detail.

New comment by ammar2 in "Composer leaks contents of tokens configured as GitHub OAuth tokens"

ammar2 — Wed, 13 May 2026 19:55:51 +0000

Could you elaborate on this bit on why Github's secret masking doesn't work here:

> GitHub Actions' built-in secret masker matches registered values as exact substrings. When the exception message is rendered by Symfony Console it may wrap, embed in In BaseIO.php line N: framing, or interleave with ANSI control sequences. So the masker does not redact, and the plaintext token reaches the log.

What does this log rendering look like such that the token from that code snippet becomes interleaved enough to not be a substring match?

I'm not familiar with composer/Symfony but I would expect something like:

  Line 34: Foo bar
  Line 34: Foo bar

New comment by ammar2 in ""cat readme.txt" is not safe if you use iTerm2"

ammar2 — Sat, 18 Apr 2026 00:48:26 +0000

> (and agents)

Ironically, agents have the exact same class of problem.

New comment by ammar2 in "Cloudflare is sponsoring Ladybird and Omarchy"

ammar2 — Mon, 22 Sep 2025 16:05:23 +0000

> Microsoft would fork it within hours

I haven't trudged through Chromium's commit statistics but has Microsoft been upstreaming many contributions? I'm skeptical that they are ready to take on the full brunt of Chromium maintenance on a whim, it would take a decent while to build up the teams and expertise for it.

New comment by ammar2 in "Airpass – Easily overcome WiFi time limits"

ammar2 — Sat, 21 Jun 2025 15:45:05 +0000

Glad this feature is built into most modern operating systems these days.

For MacOS (Sequoia+) you can just forget the network and reconnect to get a new MAC address [1].

Android's documentation for if it decides to generate a new address per connection is a little vague [2], but I'm guessing forgetting and reconnecting works as well, you may also need to flip the "Wi-Fi non-persistent MAC randomization" bit in developer settings.

On Windows, flipping the "Random hardware address" switch seems to cause it to generate a new seed/address for me.

[1] https://support.apple.com/en-euro/102509

[2] https://source.android.com/docs/core/connect/wifi-mac-random...

New comment by ammar2 in "Show HN: I built a hardware processor that runs Python"

ammar2 — Mon, 28 Apr 2025 20:21:15 +0000

> it includes instructions for stack manipulation, binary operations

Your example contains some integer arithmetic, I'm curious if you've implemented any other Python data types like floats/strings/tuples yet. If you have, how does your ISA handle binary operations for two different types like `1 + 1.0`, is there some sort of dispatch table based on the types on the stack?

New comment by ammar2 in "Show HN: I built a hardware processor that runs Python"

ammar2 — Mon, 28 Apr 2025 20:11:56 +0000

Aah, neat! Yeah, piggy-backing off pypy's work here would probably make the most sense.

It'll also be interesting to see how OP deals with things like dictionaries and lists.