Foone🏳️‍⚧️

okay found their S3 creds. they hardcoded them in a Jenkinsfile.

23 comments
Foone🏳️‍⚧️ replied to Foone🏳️‍⚧️

not a good sign to see a bash case statement for environment, and prod sets the server to FOOBAR.EGG
and test sets the server to... FOOBAR.EGG

Foone🏳️‍⚧️ replied to Foone🏳️‍⚧️

anyway I'm gonna be near their HQ on thursday. Maybe I'll stop by and ask if they're still in business, and if they are, do they know where their NUCs are?

Foone🏳️‍⚧️ replied to Foone🏳️‍⚧️

and in case anyone is getting deja-vu:

This is a completely different company than the other one I found like 3 weeks ago:

digipres.club/@foone/112817523

Foone🏳️‍⚧️ replied to Foone🏳️‍⚧️

I'm really not the right person to work in computer security research, but it'd be nice to have a sort of consulting job with a local one where I can just point them at some really broken shit and they investigate it and maybe give me a commission

Foone🏳️‍⚧️ replied to Foone🏳️‍⚧️

Why the fuck is this on hacker news? ugh. I'm gonna need to run my own mastodon instance, aren't I?

If you found this on hacker news, you owe me 5$:

digipres.club/@foone/112929955

sleepy replied to Foone🏳️‍⚧️

@foone I run my own, it's not terrible but also is terrible.

vandys replied to Foone🏳️‍⚧️

@foone For single user (or small # of users) instances, you might want to look at the much lighter weight (and therefore cheaper to run):

https://docs.gotosocial.org/en/latest/getting_started/

JLab8 replied to Foone🏳️‍⚧️

@foone honestly, you should probably see if the California Privacy Protection Agency is hiring investigators.

insecurity princess 🌈💖🔥 replied to Foone🏳️‍⚧️

@foone you can make some money (not a lot) from responsible disclosure to bug bounty programs

But many companies like this don't have structured and rewarded bug bounty programs

SeanOMik replied to Foone🏳️‍⚧️

@foone where do you find these devices? eBay? A local recycling center?

CatSalad🐈🥗 (D.Burch) :blobcatrainbow: replied to Foone🏳️‍⚧️

@foone @SeanOMik *old person voice* Back in my day we used to have to dumpster dive. Now they just give you all of PROD as is

Alex replied to CatSalad🐈🥗 (D.Burch) :blobcatrainbow:

@catsalad @foone @SeanOMik just pull up to an office and break in. free computers.

Btw, I am not held liable for any damages or criminal activity that you, your spouse, and your cat does.

Alex replied to Foone🏳️‍⚧️

@foone @SeanOMik i thought about a local recycling ewaste company being a front for hoarding a lot of sensitive data from systems because people don't wipe which would make it an interesting watering hole if you think about it.

Aaron Longchamps replied to Foone🏳️‍⚧️

@foone @catsalad reminds me of when I got a used HPE DL380 Gen 9 off eBay. No disks inside, but I could tell very clearly where it came from based on the iLO: a big animation studio.
