Hacker News new | past | comments | ask | show | jobs | submit | cyberbender's comments login

This is great; the less long-lived credentials the better!

Now developers just need to make sure they secure their code at the pipeline level. Pipeline compromise = package compromise.


Wow, I remember attempting to do this in University...glad someone much smarter than me figured it out :)


I've seen this firsthand...I think it is less of an issue at smaller companies where taking initiative and leaning into their intelligence is less politically restricted. At large organizations, often it requires too much energy for them navigate the bureaucracy and tap into their potential.


Does anyone know if Amazon can push patches down to these devices? Or are they forever vulnerable once the issue is discovered?


Yes, they update firmware and the version is reported in the Alexa app.

GPL source code for Echo devices: https://www.amazon.com/gp/help/customer/display.html?nodeId=...


Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: