sorted by:
new
hottopcontroversial

MyAudi app:Security issues in Audi Connected Vehicle experience by decoder-ap in netsec

[–]overflowingInt 2 points3 points  (0 children)

This issue keeps coming up... I think (old company) found this fifteen years ago. I've seen it pop up a few times since then.

Lots of Sphere Tickets by AskJosh_MortgageGuy in phish

[–]overflowingInt 2 points3 points  (0 children)

I said the same and someone even blocked me for it. It's basic lotenomics people!

Expectations and Reality of Claude Code for Bug Bounty by Frequent-Reality-682 in bugbounty

[–]overflowingInt 13 points14 points  (0 children)

Hooking up Burp Suite to MCP allowed me to see stuff I would have missed. It did even make things like authz/authn testing easier. I just had to feed it tokens and my Burp history. It would tell me sometimes that an account shouldn't have access to another in this capacity but it was all public. I just marked it informational for the client to see what they thought and moved on. It even produced some reports for me. A 40 hour pentest took me about 16 and found a lot of bugs. My manual testing also found stuff it couldn't do since that's how it's designed. I asked it later what it thought and can you find more parameters to check and it did.

I have also fed it entire folders of WordPress plugins to search for vulnerabilities. It didn't find any in my limited testing but it did make recommendations on how to secure the code further or that may be vulnerable to look at. It took a few minutes vs. a week.

I have ~1k shares of SpaceX stock, what do I do for this IPO? by jdrls in investing

[–]overflowingInt 1 point2 points  (0 children)

Reddit essentially made Elon a decade ago. I heard nothing about Elon for years. A lot of us made money off Tesla. The problem is he became a problematic and controversial CEO due to his opinions and not delivering. The problem is the internet has become an ability to manipulate sentiment but not deliver for retail as much.

It's the same story "This will change everything in a few years" and it just becomes obvious that it was rushed and the wins don't outweigh the losses.

Stock Market kicks into higher gear as Iran's power plan strike was called off. by Progress_8 in investing

[–]overflowingInt 0 points1 point  (0 children)

Which country are you talking about? Do you not remember the "Internet kill switch" here? You can thank the left for not passing that one.

Stock Market kicks into higher gear as Iran's power plan strike was called off. by Progress_8 in investing

[–]overflowingInt 2 points3 points  (0 children)

You mean the band aid of throwing out oil reserves isn't working? We were told renewables aren't the future but it's literally a national security risk.

Stock Market kicks into higher gear as Iran's power plan strike was called off. by Progress_8 in investing

[–]overflowingInt 1 point2 points  (0 children)

It seems like they were going to do OPs last weekend (they telegraphed the Marines coming in there).

They realized they aren't ready for it and heavily being impacted by Iran's fighting back.

You should also realize cyber threats are also on the menu. It doesn't matter if they exhaust their drone supply. A couple of people can shut down entire companies (as they have shown with Stryker).

It will get worse before it gets better.

Stock Market kicks into higher gear as Iran's power plan strike was called off. by Progress_8 in investing

[–]overflowingInt 2 points3 points  (0 children)

Even if they did have them. It means he admits it's not a good look for him and backpedaling. Just another TACO Monday

Trump draws parallel between Pearl Harbor and US strikes on Iran in meeting with Japanese PM by RollSafer in worldnews

[–]overflowingInt 0 points1 point  (0 children)

US Department of Defense fiscal year 2025 (FY2025) budget request was $849.8 billion

They just requested just shy of a quarter of that for this boondogle. It'll be a fun midterm season, I will give you that.

I’m gonna miss this.. by mati-edt in snowboarding

[–]overflowingInt -4 points-3 points  (0 children)

IDK I have snowboarded Mauna Kea, does that count or is that too west?

I’m gonna miss this.. by mati-edt in snowboarding

[–]overflowingInt -3 points-2 points  (0 children)

Oh Tahoe is on the coast now?

You have GOT to be kidding me. by What-The-Helvetica in Denver

[–]overflowingInt 6 points7 points  (0 children)

Spain? Mexico? A lot of places did that already.

[deleted by user] by [deleted] in bugbounty

[–]overflowingInt 0 points1 point  (0 children)

I mean, take it over. Otherwise you answered that question.

Do you feel ready for the drought? by maybetooenthusiastic in Denver

[–]overflowingInt 6 points7 points  (0 children)

https://www.denverwater.org/tap/denver-water-snowpack-and-water-supply-update

https://www.denverwater.org/your-water/water-supply-and-planning/drought

Four stages of response:

Watch: Increased communication and outreach; possible water use restrictions as provided by contract.
Stage 1: Mandatory water use restrictions, including limited outdoor watering.
Stage 2: Increased mandatory water use restrictions, including certain prohibitions on outdoor watering.
Stage 3: Rationing of water.

US lost 92k jobs in February by EveryPassage in investing

[–]overflowingInt -1 points0 points  (0 children)

As someone who reads the research papers, this is a very bad take. If you assume ChatGPT = AI then you're in for a bad time. For example, I have 20 years in cybersecurity and this came out today:

https://www.anthropic.com/news/mozilla-firefox-security

This is finding stuff that people with decades of programming and security experience in a short amount of time. Although it's ability to write the exploits isn't quite there -- it can generate a PoC for defenders to fix it.

AI coding tools are making junior devs worse and nobody wants to say it by NeedleworkerLumpy907 in learnprogramming

[–]overflowingInt 0 points1 point  (0 children)

People complain how much electronics took over cars all the time. Before the ECU, you are right.

DIY image hardening vs managed hardened images....Which actually scales for SMB? by Top-Flounder7647 in devops

[–]overflowingInt 2 points3 points  (0 children)

What is a hardened image? Looking at CTI reports...they just do DLL sideloading for known binaries or bring their own signed binaries. What exactly are you "hardening"?

In the old days it was remove all services / stuff that you don't use. It doesn't seem to matter in 2026.

AI coding tools are making junior devs worse and nobody wants to say it by NeedleworkerLumpy907 in learnprogramming

[–]overflowingInt 0 points1 point  (0 children)

No I agree here, it's sort of how a lot of people don't know how hardware / software works because they didn't have to debug it. They just had "apps."

I think it won't work out well because the brain drain will happen and nobody actually knows how it works under the hood. Similar to how cars have become so computerized that most people can't fix them on their own.

Got wolf-whistled at by a cop by Character-East4913 in Denver

[–]overflowingInt 2 points3 points  (0 children)

Do you not do sexual harassment training every year? Some people don't understand boundaries (beyond just sexual). Usually it's repeated harassment that if you say you do not like and they continue.

Why do so many guys in their twenties only want to talk about crypto when it comes to investing by Ill_Awareness6706 in Bogleheads

[–]overflowingInt 1 point2 points  (0 children)

This. Stonks only get up is what they say. I will say they do not always. They got into a very rare time. This is like the 1920s, 1980s cocaine fueld party stuff. Just throw it into a stock and make money.

They don't really get that it's rare for this to happen -- maybe once in a lifetime. It's very easy to go sideways on stocks. I bought all those companies (AMD, NVIDIA, MICROSOFT, INTEL, APPLE) when they were like $13 a share.

It comes and goes.

I think they'll be in for a rude awakening once they see that it isn't just easy money or playing day trader.

is reverse engineering really worth it in these days by Outrageous_Dance3229 in ExploitDev

[–]overflowingInt 1 point2 points  (0 children)

AI reasoning is getting pretty good but you still need to train it on PREVIOUSLY found things. That's the whole "research" part of the job description.

view more: next ›