HN Reader

Study suggests we don't just hear music, but 'become it' (sciencedaily.com)

1 points by OutOfHere 1m ago 0 comments

Valve Proton 10.0-1d (beta) (github.com)

1 points by neustradamus 2m ago 0 comments

How climate change is raising your electricity bill (theclimatebrink.com)

1 points by adrianN 6m ago 0 comments

What Can a 500MB LLM Do? You'll Be Surprised [video] (youtube.com)

1 points by blacksoil 8m ago 0 comments

I made 4000 agent calls in Cursor last month. Each model has a personality

2 points by mike210 10m ago 1 comments

Motiff is Figma with AI [video] (youtube.com)

1 points by taro666 15m ago 0 comments

Hugo Administrators Resign in Wake of ChatGPT Controversy (gizmodo.com)

2 points by doctoboggan 19m ago 0 comments

Pegasus spyware creator ordered to pay WhatsApp $168M for 2019 hack (ft.com)

1 points by KnuthIsGod 20m ago 0 comments

How to Ask Questions the Smart Way (catb.org)

1 points by OuterVale 23m ago 0 comments

"Vibe Coding" by Emergent Garden [video] (youtube.com)

1 points by todsacerdoti 25m ago 0 comments

Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years (wired.com)

2 points by JohnTHaller 31m ago 1 comments

X402 - HTTP based payments from Coinbase (github.com)

1 points by kentf 33m ago 0 comments

Usenix Announces the Discontinuation of ATC Conference (usenix.org)

3 points by septicmk 33m ago 0 comments

Show HN: Tired of checking 10 sites for AI info? I built a one-stop feed (infobuzz.ai)

1 points by Johnnyang66 37m ago 0 comments

A tiny super fast RDBMS supports replication (github.com)

2 points by jcwang 39m ago 0 comments

Corpspeak: Infinite Corporate BS Generator (lurkertech.com)

3 points by mesarvagya 53m ago 0 comments

Reddit will tighten verification to keep out human-like AI bots (techcrunch.com)

3 points by badmonster 1h ago 2 comments

GPT-2 attention weights, visualized (amanvir.com)

1 points by venusgirdle 1h ago 0 comments

What's New in Grafana v12.0 (grafana.com)

1 points by tanelpoder 1h ago 0 comments

Rahul Goel (NordSpace) – Building Canada's Sovereign Space Launch Capability [video] (youtube.com)

1 points by Olshansky 1h ago 0 comments

News Literacy Project (newslit.org)

1 points by mooreds 1h ago 0 comments

$360k, ultraluxury EV Cadillac Celestiq (theverge.com)

1 points by andrewstetsenko 1h ago 0 comments

We created another Kafka client for Node.js (blog.platformatic.dev)

1 points by andyfleming 1h ago 0 comments

Don't Guess (jakeworth.com)

1 points by mooreds 1h ago 0 comments

Email and password authentication should be a last resort (rant) (smudge.ai)

2 points by aaossa 1h ago 1 comments

Is Your Company Prepared for FTC's May 14 "Click-to-Cancel" Compliance Deadline? (jdsupra.com)

3 points by yawaramin 1h ago 0 comments

White House “Accelerating” Nuclear Power With Executive Orders (axios.com)

10 points by CGMthrowaway 1h ago 5 comments

An Investigation into Probabilities of Streaks in Online Chess (hdsr.mitpress.mit.edu)

2 points by aw1621107 1h ago 0 comments

Meta faces lawsuit that could dismantle it (unionrayo.com)

13 points by nreece 1h ago 2 comments

Microsoft Unveils Smaller Surfaces (engadget.com)

5 points by xgdgsc 1h ago 0 comments

Luna Parc Home and Studio (lunaparc.com)

1 points by NaOH 1h ago 0 comments

Glossary Web Component (dbushell.com)

4 points by todsacerdoti 2h ago 0 comments

Scaling Python task queues is hard (judoscale.com)

5 points by wordsaboutcode 2h ago 1 comments

Novel High Resolution 3D Printing Method for Metals and Ceramics [video] (youtube.com)

6 points by grugagag 2h ago 0 comments

Show HN: I vibe-coded some unusual transformer models (github.com)

1 points by killerstorm 2h ago 0 comments

Show HN: Agents.erl (AI Agents in Erlang) (github.com)

2 points by arthurcolle 2h ago 0 comments

NM (pienkzuit.blogspot.com)

3 points by 13hours 2h ago 1 comments

Spyware maker NSO ordered to pay $167M for hacking WhatsApp (washingtonpost.com)

6 points by elies 2h ago 0 comments

WhatsApp: Winning the Fight Against Spyware Merchant NSO (about.fb.com)

3 points by elies 2h ago 0 comments

Pg_tracing: Distributed Tracing for PostgreSQL (github.com)

2 points by tanelpoder 2h ago 0 comments

Loss of dance and infant-directed song among the Northern ACHé (cell.com)

2 points by PaulHoule 2h ago 0 comments

Uber CEO says changing employee benefits 'is a risk we decided to take' (cnbc.com)

7 points by donsupreme 2h ago 4 comments

Effects of lifestyle changes on cognitive impairment due to Alzheimer's (2024) (alzres.biomedcentral.com)

4 points by chillpenguin 2h ago 1 comments

How does Jami work on mobile without a server? (jami.net)

5 points by dotcoma 2h ago 0 comments

AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports (socket.dev)

9 points by feross 2h ago 2 comments

Show HN: Gravity Bombing: Recursive Resonance in Multi-Expert Systems"

1 points by cgi-os 2h ago 0 comments

Ghost in the Machine: A Q&A with SatoshiAI (bitcoinmagazine.com)

1 points by sagitta_on_hn 2h ago 0 comments

Age Verification in the European Union: The Commission's Age Verification App (eff.org)

3 points by Sami_Lehtinen 2h ago 0 comments

AI of Dead Road Rage Victim Addresses Killer in Court (theguardian.com)

11 points by hdk 2h ago 0 comments

Wrote a detailed playbook for incorporating security in Gen AI systems (adityarohilla.com)

2 points by nerdy_aditya 2h ago 1 comments

The Phishing Campaign Targeting Gmail Users from April 2025

1 vitalipom 0 5/6/2025, 9:42:38 PM
In April 2025 a phishing campaign, targeting Gmail users has launched in a massive attack, making a malicious email look legitimate.

Foreseeing a probability of such circumstances to happen I filed a patent on an idea I had.

The issue that almost any website has is the ability to be proxied by a Man in The Middle. Means by that is that if I (Haim/Vital) now copy exactly a website, put it on my server and forward the same user actions from my site to the original site, then once the user is logged in, since it’s done via the hacker’s machine in the middle, then the attacker can keep using the victim’s session as technically it’s simply possible.

In my patent I do not let a MiTM attack a room to happen. How? Simply. Each request and response are treated like JWT! The only difference is that both parties both sign and validate the JWT. And the additional shared secret which is required by design is shared via a 3rd communication channel, via email. So that even if user’s credentials are stolen, the shared key still won’t let the attacker to fake a request.

Comments (0)

No comments yet