Hacker News: jamesmotherway

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

jamesmotherway — Wed, 27 Aug 2025 18:54:07 +0000

Article URL: https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/

Comments URL: https://news.ycombinator.com/item?id=45043522

Points: 4

# Comments: 0

New comment by jamesmotherway in "Favicon Hasher – An Osint Tool"

jamesmotherway — Tue, 25 Feb 2025 16:56:50 +0000

I've used favicons (along with analytics IDs) to identify related malicious sites. You can also apply this to detect brand abuse and phishing pages.

New comment by jamesmotherway in "Apple pulls data protection tool after UK government security row"

jamesmotherway — Fri, 21 Feb 2025 16:13:49 +0000

See the "Data categories and encryption" section:

"The table below provides more detail on how iCloud protects your data when using standard data protection or Advanced Data Protection."

https://support.apple.com/en-us/102651

New comment by jamesmotherway in "Why does storing 2FA codes in your password manager make sense?"

jamesmotherway — Thu, 02 Jan 2025 03:30:15 +0000

Sorry, I overlooked part of your post earlier - I'm tired. As I previously alluded to, I don't use passkeys due to concerns about their implementation. Whether passkeys are better than TOTP really depends on the individual user's circumstances.

Which service is it? Do they ever use that password?

If I were used to signing in with a passkey, I'd find a password prompt suspicious. While the average person might not, it's also possible they would have forgotten the password entirely. There are other services that force TOTP even with hardware keys enrolled. Technically they can be phished, but it would not be successful in all cases.

Unfortunately, varying behavior and support for multifactor protocols (along with risky reset flows) makes it hard to give blanket recommendations.

New comment by jamesmotherway in "Why does storing 2FA codes in your password manager make sense?"

jamesmotherway — Wed, 01 Jan 2025 18:54:45 +0000

Hardware keys and passkeys are better because they can't be phished. In the case of hardware keys, one should register multiple to prevent lockout. Most implementations of passkeys seem to be portable, letting them exist on multiple devices (something that gives me pause).

If an adversary can successfully phish someone, they can often also trick them into providing TOTP codes or approving push notifications. However, TOTP remains significantly better than the alternatives, as it prevents credential stuffing attacks and SMS-related compromises while potentially limiting any account breach to a single session.

New comment by jamesmotherway in "Why does storing 2FA codes in your password manager make sense?"

jamesmotherway — Wed, 01 Jan 2025 18:45:25 +0000

If the vault requires a hardware key and master password to access the encrypted password and token, would you still describe it as single-factor authentication?

New comment by jamesmotherway in "More telcos confirm Salt Typhoon breaches as White House weighs in"

jamesmotherway — Tue, 31 Dec 2024 19:13:48 +0000

China-nexus threat actors tend to be focused on espionage, including intellectual property theft. "Prepositioning" is a more recent observation, but it doesn't mean a war is inevitable. While it would be useful in that scenario, in others it may act only as a deterrent. Everyone should hope a war does not occur.

The NSA and CIA are neither able nor authorized to defend all privately-owned critical infrastructure. While concerns about agency oversight are warranted, I can assure you that spying on the population is not their top priority. It's abundantly clear that foreign threats aren't confined to their own geographies and networks. That can't be addressed without having the capability to look inward.

Secure by Design is an initiative led by CISA, which frequently shares guidance and threat reporting from the NSA and their partners. Unfortunately, they also can't unilaterally secure the private sector overnight.

These are difficult problems. Critical infrastructure owners and operators need to rise to the challenge we face.

New comment by jamesmotherway in "Apple Photos phones home on iOS 18 and macOS 15"

jamesmotherway — Mon, 30 Dec 2024 22:29:35 +0000

Is your system configured to share analytics and diagnostics? I disable both, and when a crash occurs, I receive a dialog with an "ignore" option.

New comment by jamesmotherway in "Personal Mail Server on OpenBSD (2019)"

jamesmotherway — Mon, 30 Dec 2024 22:17:33 +0000

Bad actors frequently use BuyVM's services, also known as FranTech and Ponynet. Their popularity with Tor operators probably doesn't help how their network traffic is perceived either. As a result, organizations may handle traffic from their ASNs unfavorably.

I don't have a personal opinion about the company; however, email is important enough that it's worth considering edge cases and future scenarios.

New comment by jamesmotherway in "Unidentified Drones Light Up New Jersey's Skies, Baffling Residents"

jamesmotherway — Wed, 11 Dec 2024 02:06:11 +0000

https://archive.is/NKPrR

New comment by jamesmotherway in "Simple Sabotage for the 21st Century – Specific Suggestions"

jamesmotherway — Sat, 30 Nov 2024 01:23:36 +0000

I'm assuming by "significant" you mean an attack on critical infrastructure.

That's a strategic capability that very likely requires multiple attack chains, not a single exploit. For Western countries, cost is probably the least significant factor in deciding to use it.

One would want to be certain that option is available, but only when absolutely necessary. Using it on a random Tuesday would take that particular option off the table forever. Best case scenario, Russia discovers the means by which the attack was carried out. Worst case, they retaliate with nuclear weapons.

Globally, I believe there are only a few countries capable of executing such a plan.

New comment by jamesmotherway in "Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230"

jamesmotherway — Thu, 28 Nov 2024 18:01:55 +0000

The X230 is still relevant for those who want a ThinkPad that supports Libreboot (an alternative firmware without proprietary components). I personally found this demonstration interesting; users of these devices often believe they're at risk of targeted attacks.

New comment by jamesmotherway in "Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230"

jamesmotherway — Thu, 28 Nov 2024 16:58:20 +0000

I'm inclined to believe it. If someone managed to prove Apple's lying about it, there would be serious reputational (and other) risks to their business. I also can't imagine how they would benefit from such a fabrication.

That said, I still use "Nanoblock" webcam covers and monitor for when either the camera or microphone are activated.

New comment by jamesmotherway in "Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230"

jamesmotherway — Thu, 28 Nov 2024 02:22:46 +0000

"All Apple silicon-based Mac notebooks and Intel-based Mac notebooks with the Apple T2 Security Chip feature a hardware disconnect that disables the microphone whenever the lid is closed. On all 13-inch MacBook Pro and MacBook Air notebooks with the T2 chip, all MacBook notebooks with a T2 chip from 2019 or later, and Mac notebooks with Apple silicon, this disconnect is implemented in hardware alone." [1]

[1] https://support.apple.com/guide/security/hardware-microphone...

New comment by jamesmotherway in "Security researchers identify new malware targeting Linux"

jamesmotherway — Fri, 22 Nov 2024 02:48:06 +0000

Threat actors don't create malware to impress people; they do it to accomplish their goals. Apparently, this sample was sufficient for them.

Security companies attribute activity based on their observations. ESET- a Slovakian company- is no exception.

New comment by jamesmotherway in "Why NSA Rules Say No to Smartphones, No to Texting, Yes to Podcasts"

jamesmotherway — Tue, 19 Nov 2024 18:46:38 +0000

The NSA publishes excellent cybersecurity resources:

https://www.nsa.gov/press-room/cybersecurity-advisories-guid...

I've highlighted advisories that may give you some perspective, listed in chronological order:

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

PRC MSS Tradecraft in Action

New comment by jamesmotherway in "Apple Intelligence notification summaries are pretty bad"

jamesmotherway — Tue, 19 Nov 2024 02:22:12 +0000

I understand where you're coming from, but Apple Intelligence is labelled as a beta feature.

New comment by jamesmotherway in "U.S. Consumer Watchdog Cautions Businesses on Surveillance of Workers"

jamesmotherway — Fri, 25 Oct 2024 15:39:02 +0000

The alternative in many cases would be to install MDM software on one's personal device, which seems like the worse option to me.

New comment by jamesmotherway in "FTC: Vast Surveillance of Users by Social Media and Video Streaming Companies"

jamesmotherway — Sat, 21 Sep 2024 14:47:48 +0000

Banks use various other services such as Early Warning. Still, it's absurd the lengths we need to go to for any level of assurance against fraud.

New comment by jamesmotherway in "Correlating Ownership of Sites Protected by Cloudflare"

jamesmotherway — Sun, 15 Sep 2024 14:58:53 +0000

Thanks for your feedback. I posted this because I've seen many people stop their analysis when they find a site is on Cloudflare.

Were you able to solve the challenge at the end?