Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
undefined | Better HN
0 points
mingus88
4mo ago
0 comments
Share
It’s the key used by the attackers in the payload I think. So you publish it and a scanner will revoke it
0 comments
default
newest
oldest
trees101
4mo ago
oh I see, you're force-revoking someone else's key
rswail
4mo ago
Which is an interesting DOS attack if you can find someone's key.
OJFord
4mo ago
The interesting thing is that (if you're an attacker) your choice of attack is DoS when you have... anything available to you.
freakynit
4mo ago
Does this mean a program can be written to generate all possible api keys and upload to github thereby revoke everyone's access?
kylecazar
4mo ago
They are designed to be long enough that it's entirely impractical to do this.
All possible
is a massive number.
freakynit
4mo ago
That's true tho... possible, but impractical.
3 more replies
j
/
k
navigate · click thread line to collapse
