this post was submitted on 09 Jun 2025
433 points (99.1% liked)
This is like 1/10th of what a good blackhat hacker would have gotten out of it.
I always wonder what's stopping security researchers from selling these exploits to Blackhat marketplaces, getting the money, waiting a bit, then telling the original company, so they end up patching it.
Probably break some contractual agreements, but if you're doing this as a career surely you'd know how to hide your identity properly.
It's not worth the risk. If your job is border control, would you be smuggling goods? Maybe some would, but most would not.
They're whitehat because they don't want to take part in illegal activities, or already have and have grown from it.
Chances that such an old exploit gets found at the same time by a whitehat and a blackhat are very small. It would be hard not to be suspicious.
Yes, but I was saying the Blackhat marketplaces wouldn't really have much recourse if the person selling the exploit knew how to cover their tracks. i.e. they wouldn't have anyone to sue or go after.
I'm saying blackhat hackers can make far more money off the exploit by itself. I've seen far worse techniques being used to sell services for hundreds of dollars and the people behind those are making thousands. An example is the slow bruteforcing of blocked words on YouTube channels as they might have blocked their name, phone number, or address.
What you're talking about is playing both sides, and that is just not worth doing for multiple reasons. It's very obvious when somebody is doing that. People don't just find the same exploit at the same time in years-old software.