Pro tip for being a good security engineer: instead of trying to make your peers fear the consequences of a vulnerability, invite them to play with the vulnerability and learn the risks themselves. Give them some working exploit code or demo. Show them the cool trick, then let them imagine the risks. Only elaborate on the risks after they accept the invitation to play. Fear is tyranny. Play is collaborative.
Replies (1)
I'm a bit torn on that one. AI is going to make every day Day Zero.
`And no vulnerability is too insignificant for the NSA to exploit.
“Don’t assume a crack is too small to be noticed, or too small to be exploited,” he said. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones the NSA, and other nation-state attackers will seize on, he explained. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”
Even temporary cracks—vulnerabilities that exist on a system for mere hours or days—are sweet spots for the NSA.`
https://archive.is/jGIrg