| ▲ | poly2it 38 minutes ago | |
> What stuck with me wasn’t the scale, although 14,000 people getting a phishing email from a domain I own is bad. It was how mundane it was. > There was no exploit. No vulnerability disclosure. No CVE for me to write. The attacker filled out my signup form 942 times, made 942 workspaces, sent 942 batches of about a hundred invitations each, and stopped. They used my tool exactly as designed. The design was just bad enough that the tool was good for phishing. | ||
| ▲ | Barbing 3 minutes ago | parent [-] | |
The comments continue until the patterns are internalized https://news.ycombinator.com/item?id=48316049 | ||