Disclaimer: I wrote this post. The link uses Google Analytics, and if you don't want that, you can use this[0] link instead.
This is the first writeup like this that I've done, so if you have any feedback on the content/writing, lmk! You can comment here or DM me on twitter, @asg_027
I applaud the work done on the research to find the vulnerabilities. But writing about it just to criticize the creators is a shitty reason to do it. I've never known software that's perfect from the start. I hope the author has contacted Colworx to help fix the problems.
The app has a needed function and should be supported rather than just criticized.
If they really put the real password in a public repository, then it's not a minor mistake. It's a huge error.
Perhaps the author could have contacted them to give them a few days before the announcement, so can they delete[1] the data from the repository, but it's nevertheless a huge error.
[1] You can't really delete anything from the internet, it's only a hide button. They can try to change the password in the server anyway.
4 comments
[ 2.9 ms ] story [ 22.0 ms ] threadThis is the first writeup like this that I've done, so if you have any feedback on the content/writing, lmk! You can comment here or DM me on twitter, @asg_027
[0] http://iamprettydamn.cool/2019/la-earthquake-app/?notrack=1
The app has a needed function and should be supported rather than just criticized.
Perhaps the author could have contacted them to give them a few days before the announcement, so can they delete[1] the data from the repository, but it's nevertheless a huge error.
[1] You can't really delete anything from the internet, it's only a hide button. They can try to change the password in the server anyway.