Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
thenewwazoo
on April 1, 2024
|
parent
|
context
|
favorite
| on:
Xzbot: Notes, honeypot, and exploit demo for the x...
This is a NOBUS attack - Nobody But Us.
By tying it to a particular key owned by the attacker, no other party can trigger the exploit.
loeg
on April 1, 2024
[–]
I don't think this is responsive to my comment.
jhugo
on April 1, 2024
|
parent
[–]
I think it is? They were not trying to hide the content, but rather to ensure that nobody else could encrypt valid payloads.
loeg
on April 2, 2024
|
root
|
parent
[–]
The
signing
accomplishes that. The chacha20
encryption
with part of a public key, which is what I'm discussing above, is just obfuscation.
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
By tying it to a particular key owned by the attacker, no other party can trigger the exploit.