this post was submitted on 22 Aug 2024
310 points (99.4% liked)

Cybersecurity - Memes

1975 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

To be clear, not all companies are like this.

you are viewing a single comment's thread
view the rest of the comments
[–] KamikazeRusher@lemm.ee 57 points 3 months ago (5 children)

Disclosed responsibly

Received a Cease & Desist order with threat of litigation if released to the public

¯\_(ツ)_/¯

[–] cron 17 points 3 months ago

No good deed goes unpunished

[–] LostXOR@fedia.io 14 points 3 months ago (1 children)

Sure would be a shame if it was leaked anonymously online...

[–] KamikazeRusher@lemm.ee 6 points 3 months ago (1 children)

Unfortunately this is a product not many care for nor know about, and I had a personal working relationship with this vendor, so even if it were “leaked anonymously” they could point back at me and make things a living hell.

At this point it’s been almost five years. They made their stance known. The exploit isn’t one that can be done completely remote without some internal knowledge to the setup of the equipment. It’s old news and they’re better off fading away in obscurity. I just won’t bother to try helping them make their products better and more secure.

[–] wizardbeard@lemmy.dbzer0.com 3 points 3 months ago* (last edited 3 months ago)

If it makes you feel any better, you're not alone. Would be a few more hoops to jump through to connect it to me, but as far as I know my company is the only customer left using this particular piece of software. The vebdor let go all their support staff and devs for it over a year ago. It's also highly likely that my company has a significantly customized version of this software.

Files shipped with the client install include functions to not only encrypt passwords (expected) but to decrypt them as well. If anyone got into the users table of the db it's all over.

Edit: Also to be fair, I don't truly know if this would be considered a problem. If someone has the users table you're probably fucked in a lot of other ways too.

[–] SplashJackson@lemmy.ca 9 points 3 months ago* (last edited 3 months ago)

It's very responsible of you to be thinking of the poor corporation; they needed a hand from a hardworking volunteer like yourself and you did the responsible thing and made their lives easier. Hurray!

[–] CosmicTurtle0@lemmy.dbzer0.com 4 points 3 months ago

Release the vulnerability to the dark net.