Hacker News new | past | comments | ask | show | jobs | submit login

The article says this: “Although we did not test for this functionality explicitly as the testing was conducted prior to August 14th, we believe this attack scenario is highly likely given the functionality observed prior to August 14th.”



a belief is not the truth


So they shouldn’t have published what they’ve discovered so far?


I think it was great that they contacted Slack the way they did. It's also okay for me to publish. I just don't think it deserves much fanfare; in my opinion, this isn't a huge or serious vulnerability, that's all.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: