Hacker News: elnerd

New comment by elnerd in "Project Glasswing: Securing critical software for the AI era"

elnerd — Wed, 08 Apr 2026 06:14:02 +0000

Yesterday, I took a web application, downloaded the trial and asked AI to be a security researcher and find me high and critical severity bugs.

Even vanilla models spew out POC for three RCE’s in less than an hour

New comment by elnerd in "RAM kits are now sold with one fake RAM stick alongside a real one"

elnerd — Sat, 14 Mar 2026 20:50:36 +0000

I have a fully populated server with 2x7K62 and 16x64GB (3200 mhz) for my home lab. Do you know how to check if I am affected by this?

New comment by elnerd in "An AI agent published a hit piece on me"

elnerd — Thu, 12 Feb 2026 18:25:21 +0000

«Document future incidents to build a case for AI contributor rights»

Is it too late to pull the plug on this menace?

New comment by elnerd in "Mobile carriers can get your GPS location"

elnerd — Sat, 31 Jan 2026 18:43:52 +0000

I just read gnutella page on Wikipedia, no mention of bad actors

New comment by elnerd in "Vulnerable WhisperPair Devices – Hijack Bluetooth Accessories Using Fast Pair"

elnerd — Thu, 22 Jan 2026 20:45:14 +0000

I have the impression this is not the same. In the linked video, they talked about unauthenticated functions in BLE if I recall correctly…

New comment by elnerd in "Apple testing new App Store design that blurs the line between ads and results"

elnerd — Tue, 20 Jan 2026 08:28:23 +0000

In related news, 10% of Meta ads are malicious, and they have Meta seems to have little incentive to stop it.

https://www.reuters.com/investigations/meta-is-earning-fortu...

New comment by elnerd in "Kubernetes egress control with squid proxy"

elnerd — Mon, 29 Dec 2025 18:27:34 +0000

Would it be be trivial to have a init container to do CA injection? Maybe though mutating admission controller? Then some CNI magic to redirect outbound traffic to do transparent proxying?

New comment by elnerd in "10 Years of Let's Encrypt"

elnerd — Wed, 10 Dec 2025 07:35:53 +0000

One domain parking actor is responsible for nearly 10% of all issued ssl certificates. 185.53.178.99. This is just one of many bad actors.

New comment by elnerd in "Disrupting the first reported AI-orchestrated cyber espionage campaign"

elnerd — Fri, 14 Nov 2025 06:17:17 +0000

We soon will have to implement paradoxes in our infrastructure.

New comment by elnerd in "Samsung makes ads on smart fridges official with upcoming software update"

elnerd — Wed, 29 Oct 2025 09:12:55 +0000

I unsubscribed from Spotify for this very reason.

New comment by elnerd in "Are these real CVEs? VulDB entries for dnsmasq rely on replacing config files"

elnerd — Tue, 28 Oct 2025 08:08:17 +0000

Just because you cannot see how a vulnerability can be exploited does not mean that others can. As you describe, people seem to assume that the only way the config file ends up on the server is «physically» editing it.

An anecdote: I have been struggling with exploiting a product that relies on MongoDb, I can replace the configuration file, but gaining RCE is not supported «functionality» in the embedded version as the __exec option came in a newer version.

A parser bug would be most welcome here.

New comment by elnerd in "./watch"

elnerd — Sun, 19 Oct 2025 10:50:18 +0000

What’s the emulator he used when designing the firmware?

New comment by elnerd in "EVs are depreciating faster than gas-powered cars"

elnerd — Fri, 17 Oct 2025 18:22:49 +0000

It is strange how EVs are measured by how far they can go full charge when this is a metric I never have seen for fossile cars. It tells a story how inconvenient EVs or the charging network really is

New comment by elnerd in "Privacy Badger is a free browser extension made by EFF to stop spying"

elnerd — Sun, 28 Sep 2025 15:06:19 +0000

You are actually more likely to buy a car just after you have bought a car than the 10 years you did not need to buy a car. Maybe not cars, but I’ve heard this argument for kitchen appliances. If you for some reason return the item you just bought, you may buy what you get ads for. Maybe you regret you did not get the premium one, especially when they shove it in your face afterwards…

New comment by elnerd in "Slack has raised our charges by $195k per year"

elnerd — Thu, 18 Sep 2025 06:14:16 +0000

Getting the rug pulled under you does not qualify as an experience you need. It happens, but should not be in the curriculum for kids.

I am sure that being forced to spend time on this steals time from more interesting projects.

New comment by elnerd in "An attacker’s blunder gave us a look into their operations"

elnerd — Wed, 10 Sep 2025 16:24:22 +0000

After thinking of it for a while, I do not think it is such a big issue. The threat actor was probably an adversary to existing huntress customers and the EDR probably reacted to his tooling and mistakes.

When doing red team engagements, we do the same, install same security solutions as the customer and work around it. It could be what happened here?

That the analysts spotted him and were able to connect it to existing cases is just good craftsmanship.

I no longer feel that it’s relevant to discuss a red line here. Huntress just did their job.

New comment by elnerd in "An attacker’s blunder gave us a look into their operations"

elnerd — Wed, 10 Sep 2025 06:10:58 +0000

Unrelated story; how politician gave us a look into their financial adventures.

I am curious where the red line is.

Any criminal activity or just behavior that the analysts find interesting?

Darcula and the Magic Cat: How Osint Unmasked a Phishing Tycoon

elnerd — Wed, 13 Aug 2025 06:30:12 +0000

Article URL: https://www.osint.industries/project/darcula-and-the-magic-cat-how-osint-unmasked-a-phishing-tycoon

Comments URL: https://news.ycombinator.com/item?id=44885241

Points: 2

# Comments: 0