Hacker News new | past | comments | ask | show | jobs | submit login

Except, she kinda did disclose already. Seems a bit strange to circumvent standard embargo practices, only to publicly hint of an exploit but not give any details.



Maybe because it is a non-essential tool with many alternatives available? It could also be because there are already illicit parties using atop to hack companies? Still, publishing a CVE with the specific exploit and a recommendation to fully delete atop would be better. Even if there is no patch available.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: