GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Adam Shostack :donor: :rebelverified: (adamshostack@infosec.exchange)'s status on Monday, 30-Sep-2024 01:10:07 JST Adam Shostack :donor: :rebelverified: Adam Shostack :donor: :rebelverified:

    I find myself really irked by the headline here. The problem is not a "simple website bug", the problem is that they wrote thousands of lines of code without ever thinking about what the trust boundaries are, or should be.

    This is a massive design flaw. The idea that cars should be controllable from some mothership is bizarre (and not needed for app control - have a digital signature from the mobile device). The idea that cars are enrolled even if the user didn't set up an account is similarly broken. This isn't a "simple website bug" but a massive failure to consider the security implications of features.

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/221/567/638/929/617/original/87a84b902bd02b53.png

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.