Hacker News
by dumbsecreport 3589 days ago
I've reported multiple vulnerabilities to DigitalOcean before and they've fixed them rapidly, credited me for the effort, and gave me free time on their services.

The difference is I didn't exploit 20 thousand domains to make flashy headlines and prove a point about something that isn't even a serious bug.

3 comments

You're coming across as a shill either to make DO seem like an infallible company or to blatantly astroturf enough to get people to hate DO (See jsmthrowaway's sibling comment).

I'm less inclined to believe the latter. I'm looking forward to transferring my domains on DO to elsewhere tonight.

I'm just sharing my experience of what happens when you disclose bugs responsibly.

I'd be happy to share bug tickets with anyone who isn't on some silly shill hunting crusade, for sure, despite my trollish throwaway name.

More throwaway astroturfing? You say "20 thousand" the same way as your other likely throwaway account, V8OaSsoA (that is to say: somewhat identifiably) and complained about someone ripping off DigitalOcean's Web design on this account.

I'm doing math on the throwaways that are oddly attracted to this thread. You are making it very obvious that you are almost certainly a DigitalOcean employee across the two throwaways you've created so far, and that's giving me a whole lot of pause on DigitalOcean that I didn't have from reading the incident itself. If you're an employee or, less likely, a superfan, are you sure this is the type of sustained attack you want to levy? It's not making anybody look good.

Eh, I used '20 thousand' in one of my responses, does that mean I'm the real identity of the throwaways?

Probably not.

Yeah, if it wasn't obvious enough already, I used that number because it's the one in the headline of the article........
I really doubt DO would hire me. And any admin could look up what you said and disprove it. I'm not using any proxies or VPN.
Mmmmm, smell that plastic grass.