Hacker News: keisborg

New comment by keisborg in "How we rooted Copilot"

keisborg — Sun, 27 Jul 2025 08:24:30 +0000

One step closer to container breakout? Gaining root access give you a bigger attack surface for kernel exploits.

New comment by keisborg in "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"

keisborg — Wed, 25 Jun 2025 18:56:47 +0000

I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility

New comment by keisborg in "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"

keisborg — Wed, 25 Jun 2025 16:48:44 +0000

The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.

New comment by keisborg in "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"

keisborg — Wed, 25 Jun 2025 14:54:43 +0000

«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?

New comment by keisborg in "Show HN: I built a knife steel comparison tool"

keisborg — Sat, 17 May 2025 19:36:03 +0000

I looked through most of the charts, and I it seems like you cannot get the best of two worlds. Can you get good edge retention, ease of sharpening and toughness at the same time?

It would be nice with an example on how knife steel properties work. I assume there are balanced tradeoffs.

New comment by keisborg in "Anti-Personnel Computing (2023)"

keisborg — Tue, 13 May 2025 11:20:57 +0000

I love term how it plays on the words and the negative association we have with anti-personell mines

If we could have a ban on anti-personell computers…

New comment by keisborg in "U.S. autism data project sparks uproar over ethics, privacy and intent"

keisborg — Sun, 27 Apr 2025 11:03:23 +0000

I get a cloudflare puzzle when I try to visit this link :(

New comment by keisborg in "Wikipedia’s nonprofit status questioned by D.C. U.S. attorney"

keisborg — Sat, 26 Apr 2025 07:01:35 +0000

Ed Martin seems like a SME when he himself has been influenced by foreign agencies and spoke their case.

New comment by keisborg in "A Man Who Went to Fake Prison Also Went to Real Jail"

keisborg — Mon, 31 Mar 2025 18:26:18 +0000

Link is paywalled. Not possible to read

New comment by keisborg in "In Jail Without a Lawyer: How a Texas Town Fails Poor Defendants"

keisborg — Wed, 26 Mar 2025 07:34:31 +0000

We do not know why you are in jail, but because you are in jail you must have done something bad. We cannot just let bad people roam freely

New comment by keisborg in "Crew-9 Returns to Earth"

keisborg — Wed, 19 Mar 2025 06:09:37 +0000

We all are

New comment by keisborg in "Espressif's Response to Undocumented Commands in ESP32 Bluetooth by Tarlogic"

keisborg — Tue, 11 Mar 2025 22:51:41 +0000

So, they are basically saying that bash is vulnerable to arbitrary command execution?

New comment by keisborg in "Espressif's Response to Undocumented Commands in ESP32 Bluetooth by Tarlogic"

keisborg — Tue, 11 Mar 2025 22:28:32 +0000

I would hope so, but on

Tarlogics blog post, it is mentioned “modifying chips arbitrarily”, “infecting chips with malicious code”, “obtain confidential information stored on them”.

Even though they rephrased the backdoor wording, the remaining statements make me believe the undocumented functions can be used to gain code execution on the main cpu.

New comment by keisborg in "Espressif's Response to Undocumented Commands in ESP32 Bluetooth by Tarlogic"

keisborg — Tue, 11 Mar 2025 20:57:37 +0000

It it possible to create firmware that is encrypted and cannot be read out. Espressif state there is no security issues, but I have a feeling that these debug commands may be used to read out the flash of a properly secured esp32 that otherwise would not be possible…

New comment by keisborg in "A game of learning your homelab into a cyberpunk mystery adventure"

keisborg — Sat, 08 Mar 2025 12:36:29 +0000

There was someone that figured out how to detect if the output was piped or not to bash on the webserver, can consider the fact and chose to be malicious or not

New comment by keisborg in "What if America turned off Britain's weapons?"

keisborg — Fri, 07 Mar 2025 18:58:23 +0000

My understanding of the article is that it was about shutting down the program that keeps the nuclear navy afloat, not about a backdoor with a switch to turn off the arsenal

New comment by keisborg in "I created an MVP for an AI SVG maker in a week! Check it out!"

keisborg — Tue, 04 Mar 2025 06:44:14 +0000

Yeah, it says it will create an SVG in seconds, but seconds later, there is no SVG. Did not occur to me that I had to log in, but probably won’t as I cannot be bothered to follow black patterns…

New comment by keisborg in "Docker limits unauthenticated pulls to 10/HR/IP from Docker Hub, from March 1"

keisborg — Fri, 21 Feb 2025 20:34:58 +0000

I feel that dockerhub no longer can be the steward for the default docker repo because of this and the limitations they previously have implemented. It is time for them to hand over the baton stick to someone else, or that the notion of a default repo is removed all together

New comment by keisborg in "Docker limits unauthenticated pulls to 10/HR/IP from Docker Hub, from March 1"

keisborg — Fri, 21 Feb 2025 11:05:58 +0000

Exactly this. And when a base image has a new release, all images based on this will also need an update

New comment by keisborg in "Docker limits unauthenticated pulls to 10/HR/IP from Docker Hub, from March 1"

keisborg — Fri, 21 Feb 2025 10:27:36 +0000

It is not immediately clear to me if the limit is per repo/package or globally in the hub. For instance, I fear it will not be possible to add a new kubernetes node to my cluster without hitting the limit as it would need to pull all the individual images.