Hacker News: mvolfik's comments

I'll soon be doing this for a project running on a LAN without a connection to the internet, during events once COVID is over.

Then you can retrieve the salt, do the hash on the server, and use the stored procedure to compare. More requests, but a tradeoff for security \o/

I think there was some bug in a big service (Twitter? very unsure) a few years ago related to this conflict between the ISO and 'real' year.

Czech Mapy.cz (part of a big corporation by Czech standards) also has a good one (almost) every year. This year they restricted you from browsing more than 10 km from your location, and the map went blank after 9 PM, according to the current COVID restrictions here. Obviously, there was a simple way to escape it.

I loved this article, but I'm confused about one thing – if I read it correctly, it seems to connect hacked routers inserting tokens into traffic, and tokens found on hundreds of pages (discovered with a script run by the author). But he wouldn't see these at all, so the same token found by him on many hosts is caused by something different, isn't it?

I think you misunderstood his scripts; his primary source of data is from acquiring the domain the malicious scripts were hosted on, and he wrote scripts to summarize the server logs of his previously malicious CDN.

He knows the script URL and referrer URL of each attempt to invoke the malicious scripts. The URLs of the scripts seem to include the token to configure them to the attacker.

He visited sites in the referrers and looked them up in search only to do tests to convince himself that the pages are clean and the servers aren't conditionally returning the malicious content, etc.
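As an added illustration of the log summarization described above (this is not the author's script; the log lines, paths and the `token` query parameter name are constructed), here is how one would group the referrer hosts that loaded a script by the token embedded in its URL:

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access log in Combined Log Format (not from the article).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:10:00:01 +0000] "GET /js/loader.js?token=abc123 HTTP/1.1" 200 512 "https://shop.example/cart" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2021:10:00:07 +0000] "GET /js/loader.js?token=abc123 HTTP/1.1" 200 512 "https://news.example/story" "Mozilla/5.0"
198.51.100.2 - - [10/Jan/2021:10:01:13 +0000] "GET /js/loader.js?token=zzz999 HTTP/1.1" 200 512 "https://shop.example/cart" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2021:10:02:44 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# One Combined Log Format line: client, timestamp, request line, status, size, referrer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "[^"]*"$'
)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def token_from_path(path):
    """Extract the attacker-configuration token from the script URL's query string."""
    vals = parse_qs(urlparse(path).query).get("token")
    return vals[0] if vals else None


def summarize(log_text):
    """Map each token to the sorted list of referrer hosts that loaded the script with it."""
    by_token = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        token = token_from_path(rec["path"])
        if token is None or rec["referrer"] == "-":
            continue  # not a script fetch, or no referrer to attribute it to
        host = urlparse(rec["referrer"]).hostname
        if host:
            by_token[token].add(host)
    return {t: sorted(hosts) for t, hosts in by_token.items()}


if __name__ == "__main__":
    for token, hosts in summarize(SAMPLE_LOG).items():
        print(token, "->", ", ".join(hosts))
```

A token that shows up with referrers on many unrelated hosts is exactly the pattern the commenter describes: the same injected script configuration observed across sites the author never visited himself.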

In comments on the first commit it was said that the access was revoked, but another one appeared, which points at the server.

But why would you test that so obviously ('fix typo' but add code)? And they made it clear that they likely had access to the git server (by pushing 'from' different accounts), which (obviously, if that's what is actually happening) can kill their access.

Am I understanding it correctly that somebody breached the PHP git server and tried selling it to 0-day and similar exploit businesses?

That was my assumption, given that they explicitly mentioned Zerodium. But so far only the commit itself is public, so until we know more about the attack or the attacker, this is pure speculation. The tweet from Zerodium is not clear on whether they received an offer for this vulnerability, unfortunately.

This is the thing - for some things (e.g. searching for tech to use), you care about recency. But for some things you absolutely don't. But the search engines' magic seems to throw this all into one bucket and notice that people are clicking the '2021' links more. And the consequence of this is SEO optimization done by automatically updating all links to the current year - I searched for something on 1st Jan and already got a bunch of '2021 comparisons'.

It's a common content marketing tactic to update post titles to include "for 2021" a few weeks ahead of the new year. It's a tweak to get it ranking, as every other content marketer is doing the same.
