Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mixmastamyk 5 hours ago

If you're behind a NAT and have an evergreen browser, say FF with UBO, avoid email attachments, etc... it's not very risky.

esseph 4 hours ago | parent [-]

Did you know a website can scan your lan through a browser now?

https://developer.chrome.com/blog/local-network-access

Did you know that a lot of current home router NAT implementations are currently broken, in particular for UDP traffic handling, and you can therefore spoof your way into the network?

https://www.armis.com/research/nat-slipstreaming-v2-0/

A lot of router vulnerabilities floating around out there.

Ever hear of UPnP/UPnP2? Did you know that applications can trigger your router to open inbound ports for you?

There have also been some 0 click exploits lately, those are fun. You don't have to do anything at all!

https://github.com/Defense-Intelligence-Agency/Zero-Click-Ex...

Yeah, you're still at risk, and moreso because you're not aware of how open you are.

mixmastamyk 4 hours ago | parent | next [-]

You're talking to a Slashdot refugee. Haven't ever had UPnP available. I don't use Chrome and do use OpenWRT with AdGuard, you insensitive clod. ;-)

esseph 26 minutes ago | parent [-]

I had a 5 or 6 digit ID which was pretty good for a kid not from the Bay Area, but I never got into slashdot flame wars. I still reflexively check it many times a day.

agoodusername63 4 hours ago | parent | prev [-]

Do you think that the average HN commenter has the same phishing risk as your grandpa?

They're fine.

esseph 2 hours ago | parent [-]

Everybody says that until it happens to them. Every time.

bigstrat2003 2 hours ago | parent [-]

Considering I'm going 40 years strong of not once falling for a phishing scam, I feel pretty confident in my assessment that I won't do so in the future. It has to be an exceptionally good phish to get anyone moderately technical to even take a second look. And even then, generally one can tell upon a second look. It's not hard to not get phished.

esseph 2 hours ago | parent [-]

It can be visually identical to the real domain.

https://www.kicksecure.com/wiki/Unicode

It's also happened with code pushes on GitHub, which didn't get caught in code review, and has compromised build processes by introducing a malicious domain that is visually identical.

Sounds like a HN-type problem.

https://www.knostic.ai/blog/zero-width-unicode-characters-ri...