←back to thread

Magic Wormhole: get things from one computer to another, safely

(github.com)
816 points tosh | 1 comments | 17 Aug 24 16:59 UTC | HN request time: 0.323s | source
Show context
xeanotods ◴[18 Aug 24 00:56 UTC] No.41279301[source]
I almost lost a job for using this at work. Still not sure how they detected it.
replies(1): >>41280051 #
1. randomgiy3142 ◴[18 Aug 24 04:05 UTC] No.41280051[source]
You’re setting up a relay using two well known domain names it seems. And you’re encrypting files that probably can’t be decrypted using MITM so you’re sending all kinds of “red flags” if they use any number of MITM detection software.

To be fair our offshore team was so bad with security (“doesn’t work? Turn it off!”) it is unfortunately necessary. If I had a slightly different app “magick wormhole” they’re likely to use it if it had a pretty GUI.

Like if we didn’t have strict security policies in place how do you manage 500+ “developers” who have no repercussions? Part of it is getting the cheapest labor possible, part of it is security is hard to do right and part of it is english as a second language issue.

It is much easier to put everyone in an incredibly locked down environment than it is to have them decide what’s secure or not. If I were to fork this and internally use our own DNS and put a GUI wrapper and there’s a flaw in the implementation of magic wormhole I’d be in much more trouble than using Crowdstrike which no one will get fired for using for example.