
New hotness: Pwning devs with targeted poisoned stacks - LinuxBender
https://www.theregister.com/2020/09/04/disclosure_developer_targeting/
======
Mizza
As I mentioned in another comment, I'm apparently the person who said this,
but I think the tone of the article strips the talk of all of its context. The
talk was largely meant to be salty and humorous, not critical security advice.

Talk here:
[https://www.youtube.com/watch?v=Zu4zzfbvO_w](https://www.youtube.com/watch?v=Zu4zzfbvO_w)

~~~
srtjstjsj
The article seems fine and it's good security advice. It's absolutely right
that quite a few developers constantly download and run hundreds of unverified
third-party programs.

~~~
perl4ever
[http://gkoberger.github.io/stacksort/](http://gkoberger.github.io/stacksort/)

------
rileymat2
> Jones advised basic steps for devs such as not storing production code on
> their local machine...

This does not sound basic at all.

~~~
Mizza
In my talk, I said production data, not production code.

~~~
rileymat2
That makes much more sense.

------
valuearb
Poisoning StackOverflow posts that some developers will easily detect, report
and have removed seems like a “stupid” hypothetical that this “brilliant”
hacker has sold to a reporter.

~~~
Mizza
Weirdly enough, this article is about me.

I only noticed because I read HackerNews - I was never contacted by the
author.

The talk was a comical one, not one meant to be a grand security revelation
reported in this way.

