Hacker Newsnew | past | comments | ask | show | jobs | submit | cws's commentslogin

This is my experience as well. A solutions architect is likely to be working directly with customers to achieve what they want with the product which can involve deployment work, integration work, etc. Sometimes this work is found to be repeatable across customers and may be engineered into the product. An architect (in a software or IT context) can have pretty widely varying responsibilities, usually more focused on building product or internal company environments. But solution architects have been fairly consistent in scope of responsibility across the companies I’ve been exposed to


I really thought it was going to be something about a “Y axis” or “Y Axes”


This is about CVE-2022-22965. Maybe I’ll edit the title to reflect that.


good idea.


Depends a lot on how many Spring apps out there have the prereqs to be vulnerable. The widespread nature of Log4Shell is what made it “worse” than other RCE vulns. I don’t have a sense of how many vulnerable instances of this one might be out there but the number could be enormous.


What made it seem that way? I feel like the post provides a solid answer to the question asked in the title. Does it not?


OP here. Sorry that it felt that way to you, and curious why? Because it is from a corporate blog? The material answers the question posited in the title, IMO, but curious why it came off as an Ad to you. Mind sharing?


Well I guess because of this part:

>ExtraHop Reveal(x) automatically detects unusual changes in DNS traffic based on device behavior over time, surfacing queries that should be investigated. A defender can investigate the DNS query from the detection card.

While it does answer the question it also presents one of the solutions as something it has stake in. Imagine a McDonalds blog post about ways to stop hunger:

How to stop hunger! Hunger is when your body wants food. Here are 3 ways of stopping that feeling:

1) Cook some food and eat it

2) Go out to eat

3) Go to McDonalds and have a Big Mac™


More like: "What is hunger?", where your last step is the only proposed solution.

The article does contains interesting information, but then seeing that it is only an ad is a bit disappointing.


As of this writing, the fake Postman extension appears to have been removed from the Chrome extension store. Huzzah!


I just searched for the fake Postman extension again and it appears to have been removed. Hurray!


It seems like trending a story on HN is the only way to get Google to remove malware, unfortunately.


Yeah, that is incredibly frustrating. It seems to me that many of these types of scams target general consumers, piggybacking on legitimate app's names to get a few thousand people to pay a buck or give you some personal info, etc. These instances that target developer tools have the potential to do a different kind of damage to peoples' livelihoods.


Totally. This extension was trying to be stealthy about exfiltrating data...but it wasn’t trying that hard. As noted in the article, the same developer had at least one other extension using the same code to obfuscate and exfiltrate data. Seems like sort of a spray and pray approach


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: