Hacker News new | past | comments | ask | show | jobs | submit login

Totally agree. Documenting and discovering an API is far from calling it an exploit.

The document is also concerned about SnapChat's relationship with investors and the person of the founder, which is odd in a security paper.

GibSec's other work is another SnapChat analysis, which I find odd. Maybe he/she wants to work there? :)




We don't :) (but we'd be happy to take Snapchats money and help them out!)

We documented two exploits, which are exploits, because we are exploiting code that has been incorrectly implemented.

We also noted that Snapchat must have lied to Goldman Sachs (is this what you were referring to?), as we noticed during our research that there is no mention of gender in the protocol.

Does that answer any questions?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: