Hacker News: tjbecker

New comment by tjbecker in "Copy Fail"

tjbecker — Thu, 30 Apr 2026 03:18:48 +0000

https://x.com/i/status/2049687923814281351

> and yes, RHEL 14.3 doesn't exist We meant to say RHEL 10.1. Sorry for the confusion!

New comment by tjbecker in "Copy Fail"

tjbecker — Wed, 29 Apr 2026 20:37:35 +0000

For this crowd, I highly suggest checking out the technical writeup

https://xint.io/blog/copy-fail-linux-distributions

New comment by tjbecker in "Copy Fail"

tjbecker — Wed, 29 Apr 2026 20:36:32 +0000

This is correct. The container escape exploit and writeup is not yet released.

New comment by tjbecker in "Copy Fail"

tjbecker — Wed, 29 Apr 2026 20:33:19 +0000

I recommend reading the technical writeup https://xint.io/blog/copy-fail-linux-distributions

New comment by tjbecker in "Autonomous code analyzer beats all human teams at OSS zero-day competition"

tjbecker — Wed, 17 Dec 2025 02:15:11 +0000

This is fair, and we will gladly share the extraordinary evidence as soon as we can.

If you're curious, we have already released the full traces of finding a sqlite3 0day with an early version of Xint Code (submitted to the AIxCC competition and now open sourced): https://theori.io/blog/exploring-traces-63950

New comment by tjbecker in "Autonomous code analyzer beats all human teams at OSS zero-day competition"

tjbecker — Wed, 17 Dec 2025 02:09:53 +0000

In the commenter's defense, it's reasonable to be skeptical about the level of autonomy claimed in the post.

We are very eager to share more evidence (including the raw inputs and output artifacts for these bugs) and will absolutely do so as soon as we can.

Autonomous code analyzer beats all human teams at OSS zero-day competition

tjbecker — Tue, 16 Dec 2025 00:53:41 +0000

Article URL: https://theori.io/blog/announcing-xint-code

Comments URL: https://news.ycombinator.com/item?id=46283305

Points: 8

# Comments: 4

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

tjbecker — Wed, 26 May 2021 20:50:47 +0000

Article URL: https://arstechnica.com/gadgets/2021/05/exploitable-security-bug-remains-in-ios-and-macos-3-weeks-after-upstream-fix/

Comments URL: https://news.ycombinator.com/item?id=27295927

Points: 3

# Comments: 0

New comment by tjbecker in "Remote Code Execution in Slack desktop apps"

tjbecker — Sat, 29 Aug 2020 21:18:30 +0000

> Sure, but that isn’t the user’s fault, and they’re the ones who are going to get attacked.

This is true, but the responsibility to protect these users is ultimately on Slack, not the researcher. If Slack's bounties are nowhere near competitive with black market prices, they are failing to protect their users and should be called out on it.