user5994461 commented on We hacked Burger King: How auth bypass led to drive-thru audio surveillance   bobdahacker.com/blog/rbi-... · Posted by u/BobDaHacker
EMIRELADERO · 3 months ago
It's DMCA abuse because that process is only legal to use in case of actual copyright infringement, not just any content you might have a moral claim over.

You can see on the email that the "Original work" field is just a link to the BK website.

user5994461 · 3 months ago
> It's DMCA abuse because that process is only legal to use in case of actual copyright infringement, not just any content you might have a moral claim over.

I will reply to this comment because it's the easiest to address, you're really hitting on the main misconception :D

It is incorrect to think that the DMCA form is only valid for copyright.

You need to contact the other party to start a legal dispute; you can do so by any available communication channels. The website is hidden behind Cloudflare, which purposefully hides the identity of the author and prevents any contact, except via a DMCA form. Burger King filled the DMCA form to get in touch with the author. It's merely a means to legally contact the author and start a dispute, in the absence of better options.

It worked, Cloudflare forwarded the form to the author (and the author decided to take down the article on their own). I really can't think of any reason why it would not be considered a reasonable and legitimate use of the form. All the better because it's an official legal form.

user5994461 commented on We hacked Burger King: How auth bypass led to drive-thru audio surveillance   bobdahacker.com/blog/rbi-... · Posted by u/BobDaHacker
djoldman · 3 months ago
Assuming:

1. Jane, a security researcher, discovers a vulnerability in Acme Corporation's public-internet-facing website in a legal manner

2. Jane is a US resident and citizen

3. Acme Corporation is a US company

... is it legal for Jane to post publicly about the vulnerability with a proof of concept exploit?

Relatedly:

Why do security researchers privately inform companies of vulnerabilities and wait for them to patch before public disclosure? Are they afraid of liability?

user5994461 · 3 months ago
> Why do security researchers privately inform companies of vulnerabilities and wait for them to patch before public disclosure? Are they afraid of liability?

You don't publish because you don't want to cause harm and you don't want to be liable for it.

You need to realize that vulnerabilities don't exist in a vacuum. They grant access to computer systems that control the life of people (millions of people) including their personal information, passwords, passport photos, card numbers, jobs, paychecks, transportation, food, etc... which is very likely to cover yourself, your mom, your family, your friends as you deal with larger companies.

When you publish a vulnerability, it will immediately be used by bad actors that intend to cause harm to all these people, including employees and customers.


user5994461 commented on Buggy animation in Atlassian Bitbucket is wasting half a CPU core at all times   thehftguy.com/2023/11/21/... · Posted by u/user5994461
ChoGGi · 2 years ago
This person has also stated the Linux kernel is hard-coded for 8 cores.

https://news.ycombinator.com/item?id=38260935

user5994461 · 2 years ago
If you're wondering about that one from a few weeks ago: one person from Intel noticed the article and confirmed the kernel bug, they ran some of the kernel benchmarks on their 24-core CPU and found up to 15% improvements when fixed (most difference on scheduler fifo benchmark, though 0% difference on most benchmarks).

I've run the same on my computer at home and I also got double-digit percent difference on a 32-core AMD.

user5994461 commented on Buggy animation in Atlassian Bitbucket is wasting half a CPU core at all times   thehftguy.com/2023/11/21/... · Posted by u/user5994461
selfhoster11 · 2 years ago
I love that the cookie notice on this website asks for consent to share tracking data with 766 advertising partners. I feel so comfortable with that.

user5994461 · 2 years ago
Sorry about that. It's a WordPress website on the official wordpress.com hosting, it's actually WordPress that is doing all this tracking out-of-the-box.

I will check if there are options to reduce that.

user5994461 commented on Tell HN: GitHub banned me permanently    · Posted by u/siproprio
siproprio · 3 years ago
Some messages could be viewed as flame/kind of abusive in the sense of criticizing a msft open source project, and they were absolutely not made in the company’s name. Obviously I deeply regret any trouble they could have caused.

Msft said it was a GitHub decision, they can’t interfere.

user5994461 · 3 years ago
I would expect MSFT to process official legal requests they receive for themselves and their subsidiaries.

EDIT: After more digging, I found the contact: the terms of service here https://docs.github.com/en/site-policy/github-terms/github-t... link to this legal section here https://docs.github.com/en/site-policy/other-site-policies/g... that contains the address and email for legal requests. This is incorrectly put in a page "Guidelines for Legal Requests of User Data" but it's not about data requests, it's for all legal requests.

u/user5994461

Karma: 11131 · Cake day: July 24, 2016