undefined | Better HN

0 pointslvh6y ago0 comments

Anecdote about said startups: in 2y of the one big bounty that did have a PGP key, we got one PGPd report, and it was “session takeover”: if I copy the cookie out of Burp and into a new Incognito session, I will be logged in. Bounty plz?

We also got super clever reports on that same bounty program. They just sent email.

0 comments

dunkelheit6y ago

Maybe all PGP users are morons, that's beside the point. My point is that if someone recommends something but doesn't follow their own recommendation, it is most likely that the recommendation is not well thought-out and can be ignored. In this case the recommendation to use Signal looks more like a refutation of the point brought up by PGP advocates and not something that anyone would actually do.

lvhOP6y ago

That’s a fair criticism and I will happily admit that’s what it should say: that all PGP users are morons. (Just kidding. You’re right re: bug bounty advice.)

j / k navigate · click thread line to collapse

0 pointslvh6y ago0 comments

We also got super clever reports on that same bounty program. They just sent email.

0 comments

dunkelheit6y ago

lvhOP6y ago

That’s a fair criticism and I will happily admit that’s what it should say: that all PGP users are morons. (Just kidding. You’re right re: bug bounty advice.)

j / k navigate · click thread line to collapse