undefined | Better HN

0 pointsexikyut5y ago0 comments

Such strategies are remarkably effective, and maybe arguably describes all security in a nutshell.

Every time I notice an obscure feature in a Google product or service and go "hm, I wonder if that could be exploited", I then always go "...meh, it'll take too long and require too much concentration to figure it out."

0 comments

viraptor5y ago

No, not at scale. You may be discouraged, but there's someone who will have lots of fun breaking that specific feature.

See for example @jonasLyk who spent the last half a year (?) trying to abuse almost only the alternative streams and junction folders in windows.

exikyutOP5y ago

Wow, this guy is mad

https://twitter.com/jonaslyk

I can't help but picture him as a sysadmin walking away from a bunch of servers that are mysteriously 40% faster than ever before, but then he gets stopped at the door of the datacenter by some unimpressed looking lawyers who glare at him until he puts everything back

Thanks for the reference, and fair point, yeah that's not how it works at scale.

j / k navigate · click thread line to collapse