Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
0 points
mingus88
2mo ago
0 comments
Share
It’s the key used by the attackers in the payload I think. So you publish it and a scanner will revoke it
undefined | Better HN
0 comments
default
newest
oldest
trees101
2mo ago
oh I see, you're force-revoking someone else's key
rswail
2mo ago
Which is an interesting DOS attack if you can find someone's key.
OJFord
2mo ago
The interesting thing is that (if you're an attacker) your choice of attack is DoS when you have... anything available to you.
freakynit
2mo ago
Does this mean a program can be written to generate all possible api keys and upload to github thereby revoke everyone's access?
kylecazar
2mo ago
They are designed to be long enough that it's entirely impractical to do this.
All possible
is a massive number.
freakynit
2mo ago
That's true tho... possible, but impractical.
3 more replies
j
/
k
navigate · click thread line to collapse
