Ive always admired hn for bringing me people in very different spaces. Of the development teams I've worked with in the last year pretty much all of them were writing injectable code by default. Ive got an email from an executive in a saas telling me they aren't worried because they geofilter china.
Ship, ship, ship, and when we get discovered we/you/they write a nice corp spin email "we deeply care for our customers, acted responsibly to inform our clients promptly and worked fast to mitigate all relevant risks" (I've read enough of this BS comms so I don't need LLMs to make one for me). Right?
Even more ironic considering that China already geofences itself and using a VPN it pretty much a requirements if you want to communicate with the outside world.
Chances are that these hackers are bypassing that filter without even realizing it.
I wonder how many of these "state-employed hackers" are just random criminals and their bots, doing regular criminal stuff like stealing money from bank accounts.
I easily see people claiming they are the target of a foreign government because it gives them importance and it is less shameful than a spam botnet.
