news newest ask show jobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

The Inheritance Trap – Silent Metadata Exposure from Cloud Folder Inheritance

https://medium.com/@aei.ismaieel/the-inheritance-trap-how-cloud-folder-structures-can-silently-expose-metadata-at-scale-c6716bc56ac7

2•Hxroot•1h ago

Comments

Hxroot•1h ago

Author here — this research began as a Google VRP submission (Aug 2025) and focused on a systemic permission-inheritance pattern in Google Drive.

Key points: - Files inside a publicly shared folder can return sensitive metadata (names, emails, timestamps, links) via unauthenticated API calls using any valid API key - Google VRP classified the behavior as “intended” and “infeasible to address” under current design - No UI banners or audit trails indicate inherited exposure - VRP acknowledged that a leaked key isn’t required, but that public keys online make automation trivial - Broader implications exist for other cloud vendors using similar inheritance models

Links: - Medium deep dive: https://medium.com/@aei.ismaieel/the-inheritance-trap-how-cl... - GitHub (sanitized PoCs + safe scripts): https://github.com/ISMAIEEL/inheritance-trap

Would love to hear HN’s thoughts on: - Practical mitigations for vendors and admins - How to improve user awareness of inherited exposure - Any similar patterns you’ve seen across other platforms

Will offshore wind energy affect ocean productivity?

https://news.liverpool.ac.uk/2025/08/04/will-offshore-wind-energy-affect-ocean-productivity/

1•gnufx•48s ago•0 comments

Scientists discover surprising language 'shortcuts' in birdsong – like humans

https://www.manchester.ac.uk/about/news/scientists-discover-surprising-language-shortcuts-in-birdsong--just-like-humans/

1•gnufx•3m ago•0 comments

How to Move Through Cities Like You're Not Being Watched

https://untraceabledigitaldissident.com/how-to-move-through-cities-like-youre-not-being-watched/

1•pkaeding•3m ago•0 comments

Ffxiv bug: Marketboard prices between 44,442–49,087 GIL disconnect players

https://eu.finalfantasyxiv.com/lodestone/error/unsupported_browser/?back_uri=%2Flodestone%2Fnews%2Fdetail%2Feed0ff66ad1b5de99872ee88eeb12d91e47a4bbb

1•mirages•3m ago•0 comments

An Introduction to String Diagrams for Computer Scientists

https://arxiv.org/abs/2305.08768

1•prathyvsh•7m ago•0 comments

Ghana Mourns Eight Lost in Tragic Helicopter Crash

https://www.jphfeeds.top/2025/08/ghana-mourns-eight-lost-in-tragic.html

1•jphfeeds•8m ago•0 comments

Role of Enzyme Technologies in Valorising Seaweed Bioproducts

https://www.mdpi.com/1660-3397/23/8/303

1•PaulHoule•9m ago•0 comments

Scaling Agentic AI – Akka Leads the Way

1•DigitalReporter•10m ago•0 comments

Why transparency beats everything else in engineering

https://victoronsoftware.com/posts/engineering-transparency/

1•ingve•10m ago•0 comments

Microsoft Windows 95 Video Guide with Jennifer Aniston and Matthew Perry [video]

https://www.youtube.com/watch?v=vLlWrt-zmTo

2•niklasbuschmann•11m ago•1 comments

Crystal: Parallel Claude Code Development

https://stravu.com/crystal

1•jbentley1•11m ago•0 comments

I got María Zardoya's number

https://www.themagnetist.com/maria-zardoya-sms

1•magnetist•13m ago•0 comments

Kevin Kelly: Everything I Know about Self-Publishing

https://kk.org/thetechnium/everything-i-know-about-self-publishing/

1•dillonshook•14m ago•0 comments

Letting Go of Autonomy

https://justin.searls.co/posts/letting-go-of-autonomy/

1•mooreds•15m ago•0 comments

How Do We Learn Complex Skills? Understanding Act-R Theory

https://www.scotthyoung.com/blog/2022/02/15/act-r/

1•alhazraed•15m ago•0 comments

The Colorful History of Tarot Is as Mesmerizing as the Decks Themselves

https://www.smithsonianmag.com/arts-culture/colorful-history-tarot-mesmerizing-decks-themseles-180986811/

2•Anon84•21m ago•0 comments

The Kryptos Key Is Going Up for Sale

https://www.wired.com/story/jim-sanborn-auctions-kryptos-key/

1•bookofjoe•21m ago•1 comments

Show HN: Minarrow – Fast Rust columnar engine with Apache Arrow compatibility

https://github.com/pbower/minarrow

1•pbower•24m ago•0 comments

Zulip 11.0 released: Organized chat for distributed teams

https://blog.zulip.com/2025/08/13/zulip-11-0-released/

1•adamfeldman•24m ago•0 comments

The Future of AI Privacy Is Here

https://www.ciphersoniclabs.io/pricing

1•ajay-joshi•26m ago•1 comments

US Wholesale Inflation Rises by Most in 3 Years

https://www.bloomberg.com/news/articles/2025-08-14/us-producer-prices-rise-by-most-in-three-years-on-services

27•master_crab•27m ago•2 comments

Meta's AI rules let bots hold sensual chats with kids, offer false medical info

https://www.reuters.com/investigates/special-report/meta-ai-chatbot-guidelines/

9•robhlt•28m ago•2 comments

Mathcamp Quiz Archive

https://www.mathcamp.org/past_summers/quiz/

1•Koshkin•28m ago•0 comments

Fresnel lenses: A beacon of hope in the maritime industry

https://ceramics.org/ceramic-tech-today/lighthouse-fresnel-lenses/

1•geox•28m ago•0 comments

Vive La Différence: Practical Diff Testing of Stateful Applications [pdf]

https://mwhittaker.github.io/publications/diff_testing.pdf

1•ingve•29m ago•0 comments

Open Source Amiga Under the New Commodore? Open Letter to Peri Fractic

https://old.reddit.com/r/amiga/comments/1mptdir/open_source_amiga_under_the_new_commodore_open/

4•doener•31m ago•0 comments

Wholesale prices rose 0.9% in July, more than expected

https://www.cnbc.com/2025/08/14/ppi-inflation-report-july-2025-.html

10•belter•32m ago•7 comments

AI interdimensional phone entertains party guests like it's 1999

https://www.raspberrypi.com/news/ai-interdimensional-phone-entertains-party-guests-like-its-1999/

1•michaelmior•32m ago•0 comments

Hands-on: We ran full desktop Linux apps on an Android phone!

https://www.androidauthority.com/run-desktop-linux-apps-on-android-how-to-3586539/

1•sipofwater•32m ago•1 comments

AS4 is an open standard for the secure and payload-agnostic exchange

https://en.wikipedia.org/wiki/AS4

1•doener•34m ago•0 comments