Hacker News: dnet

Unauthenticated RCE as Qsecofr via IBM i Management Central

dnet — Fri, 05 Jun 2026 11:40:18 +0000

Article URL: https://blog.silentsignal.eu/2026/06/05/unauthenticated-rce-as-qsecofr-via-ibm-i-management-central/

Comments URL: https://news.ycombinator.com/item?id=48411055

Points: 2

# Comments: 0

New comment by dnet in "SSH Secret Menu"

dnet — Wed, 11 Mar 2026 08:57:09 +0000

In newer versions, it's disabled by default and you have to do something like this to enable in ~/.ssh/config:

    Host *
    EnableEscapeCommandline yes

New comment by dnet in "Apple has locked my Apple ID, and I have no recourse. A plea for help"

dnet — Sat, 13 Dec 2025 13:08:08 +0000

See https://doctorow.medium.com/como-is-infosec-307f87004563

> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.

New comment by dnet in "A webshell and a normal file that have the same MD5"

dnet — Wed, 24 Sep 2025 10:50:33 +0000

I assume the scanner is a separate library/service that receives the contents and returns a boolean safe/malicious result, and the implementation using MD5 to avoid expensive re-scans is an internal detail hidden from the caller.

New comment by dnet in "Show HN: Base, an SQLite database editor for macOS"

dnet — Tue, 26 Aug 2025 06:27:13 +0000

While the default is indeed to lock the entire database, it has been an option for 15 years to avoid this: https://www.sqlite.org/wal.html

New comment by dnet in "Stripe is PayPal circa 2010"

dnet — Sun, 09 Oct 2022 12:42:09 +0000

> After several lawsuits and years of backlash Paypal has stopped seizing people's money illegally.

Flipper Zero project might disagree:

https://nitter.lacontrevoie.fr/flipper_zero/status/156719464...

https://www.dailydot.com/debug/flipper-zero-paypal/

Hungary's top weather experts fired after wrong forecast on national holiday

dnet — Tue, 23 Aug 2022 17:06:09 +0000

Article URL: https://telex.hu/english/2022/08/23/hungarys-top-weather-experts-fired-for-wrong-forecast-on-national-holiday

Comments URL: https://news.ycombinator.com/item?id=32567860

Points: 4

# Comments: 0

New comment by dnet in "How to Store an SSH Key on a Yubikey"

dnet — Mon, 30 May 2022 10:45:11 +0000

I made my own CA for this because nothing else could provide transparency regarding certificate issuance (whether an attacker issued a "spare" backdoor certificate)

- source code: https://github.com/silentsignal/zsca

- my talk about the design and results: https://pretalx.hsbp.org/camppp7e5/talk/D3E9HN/

New comment by dnet in "Common libraries and data structures for C"

dnet — Tue, 17 May 2022 06:13:52 +0000

Why do you mention AVR? AVR-GCC has C++ support, that's what made the original Arduino (before they switched to ARM) approachable to beginners.

New comment by dnet in "Plaid is an evil nightmare product from Security Hell"

dnet — Sat, 19 Feb 2022 12:17:35 +0000

> I'm not even sure it's working in the EU yet?

It's called PSD2 and it applies EU-wide since September 2019. Banks have to make _some_ form of API available to third parties. However, these third parties must meet certain criteria and get a license in one of the member states. This makes sense since they can access financial data, and they only have to do it once. So a fintech licensed in e.g. Belgium can access the APIs of a bank in France and vice versa. Since banks already have most of the necessary rules and paperwork in place, I've seen many banks themselves become PSD2 clients as well, offering customers the ability to manage "foreign" bank accounts through their app as well.

New comment by dnet in "Apple added an orange dot that’s a showstopper for live visuals"

dnet — Mon, 20 Dec 2021 20:25:53 +0000

Not sure about VLC, but ffmpeg has great support for Blackmagic, you just have to download the Blackmagic SDK, compile ffmpeg with Blackmagic support (and the SDK in path) and then you'll have a separate input/output device available in ffmpeg. The other great thing about this approach is that this way audio also takes a dedicated, integrated path, bypassing OS layers and maintaining sync with much less effort.

Our new tool for enumerating hidden Log4Shell-affected hosts

dnet — Sun, 12 Dec 2021 20:25:07 +0000

Article URL: https://blog.silentsignal.eu/2021/12/12/our-new-tool-for-enumerating-hidden-log4shell-affected-hosts/

Comments URL: https://news.ycombinator.com/item?id=29533252

Points: 22

# Comments: 3

New comment by dnet in "Maintenance windows are a mistake"

dnet — Tue, 05 Oct 2021 11:38:18 +0000

Erlang supports hot reloading by design with no limitations. There can even be some threads using the old and some using the new version simultaneously. It was designed for phone exchanges where they aimed for 9 nines of availability. You can install it on most mainstream operating systems.

New comment by dnet in "A Docker footgun led to a vandal deleting NewsBlur's MongoDB database"

dnet — Tue, 29 Jun 2021 05:53:11 +0000

Not necessarily -- there can be a number of reasons one can access localhost over the loopback interface that does _not_ imply root access: SSRF, misconfigured tunnels, or just a plain unpriviliged account where the attacker couldn't perform privilege escalation (either because the attacker's incompetence or the system being up-to-date and/or hardened)

New comment by dnet in "Abusing JWT public keys without the public key"

dnet — Mon, 08 Feb 2021 09:46:22 +0000

Yet we've had people argue that they wouldn't give us the public part of their JWT RSA signing keypair, because "they wouldn't publish that anyway", hence this post.

Abusing JWT public keys without the public key

dnet — Mon, 08 Feb 2021 09:00:05 +0000

Article URL: https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/

Comments URL: https://news.ycombinator.com/item?id=26062216

Points: 2

# Comments: 2

New comment by dnet in "Switzerland – Europe's Silicon Valley for Developers?"

dnet — Fri, 27 Nov 2020 18:00:43 +0000

Tresorit comes from Hungary, they just made a business entity in Switzerland to look better from security/privacy perspective. See https://en.wikipedia.org/wiki/Tresorit#History

New comment by dnet in "Brow.sh: a modern text-based browser"

dnet — Wed, 18 Nov 2020 11:17:52 +0000

Regular SSH won't work if your IP address changes since it uses TCP where sessions are tied to (IP address, port) tuples. However mosh uses UDP and its own session management scheme, so you can "roam" between IP addresses and your session will stay alive, you can continue typing and will receive screen updates as if nothing has happened.

New comment by dnet in "Ask HN: Captcha Alternatives?"

dnet — Tue, 01 Sep 2020 07:50:18 +0000

That wouldn't work for HTTP(S) or anything else that works over TCP since the reply would go towards the fake source IP address, thus the attacker couldn't even get past the 3-way TCP handshake.

New comment by dnet in "GitHub was down"

dnet — Mon, 13 Jul 2020 07:12:05 +0000

But those wouldn't take most of the world's public git repos down all at once just because of a single issue. Single points of failure have a bad reputation for a reason.