Hacker Newsnew | comments | show | ask | jobs | submitlogin

These are both really excellent points.

While DNS-hijacking Google.ps as a watering hole for HN seems like a bit of a long shot of a vector to get access to HN users, it would be a pretty logical vector for Palestinian Authority systems. And is likely a lot of other users would get unintentionally caught in the net.

Flash/Java vulnerabilities are also quite a bit cheaper (100k range), and well within the price range of most criminal APTs, let alone nation-states. But I imagine most, if not all, HN users have those extensions disabled by default.

So the only way to compromise the systems of most users here would be a 0-day javascript vulnerability in Chrome/Firefox. These are the 0-days to which I was referring, which are massively expensive.

But overall the point is valid. The risk, even if not that large that anyone here would be targeted, makes it a good idea not to post directly to compromised websites. I'm not exactly wild about a random workstation at any US company being compromised, even though they weren't explicitly targeted, by random Israeli hackers or even Unit 8200.




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: