Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
securesaml
7 days ago
|
parent
|
context
|
favorite
| on:
Claude Cowork exfiltrates files
it is less of a problem for revoking attacker's keys (but maybe it has access to victim's contents?).
agreed it shouldn't be used to revoke non-malicious/your own keys
nebezb
6 days ago
[–]
The poster you originally replied to is suggesting this for revoking the attackers keys. Not for revocation of their own keys…
reply
securesaml
6 days ago
|
parent
[–]
there's still some risk of publishing an attacker's key. For example, what if the attacker's key had access to sensitive user data?
reply
throwawaysleep
6 days ago
|
root
|
parent
[–]
All the more reason to nuke the key ASAP, no?
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
agreed it shouldn't be used to revoke non-malicious/your own keys