Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
beders
on Jan 22, 2025
|
parent
|
context
|
favorite
| on:
0-click deanonymization attack targeting Signal, D...
I think this is a valid observation and the affected apps should either add auth to resources they control - shared or not - or use an UUID to store it so names can't be guessed.
This only works because the attacker knows the URL.
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
This only works because the attacker knows the URL.