I remember there was a time when I would look at Hollywood hackers and say ‘nah, that’s unrealistic. Doesn’t happen that way’ and then in 2020 when I started reading about actual hacks I came to the realisation that not only is Hollywood hacking real, but the movies understate what can be done. It was like the opposite of learning that Santa Claus isn’t real.
The Hollywood hacking depictions are equivalent to seeing syringes being used on film. To the uninitiated it looks “real”, but the reality is somewhat different.
Source: I’ve been an ICT professional for 40+ years and have had hundreds of (medical) needles poked in me over much of my life.
Thank you for helping corporations for free I guess. They’re proud of you.
Yeah … that thought occurred to me as well.
I wonder if there’s a way that you can legally monetize the process, so the organisation who left a gaping hole … or several bazillion in this case … gets an education in corporate security and the researcher gets paid for their efforts. A corporate symbiosis if you like.
Of course the non-legal way is extortion … but that tends to go towards warfare and mutually assured destruction, rather than collaboration.
Perhaps this opens the door to a white hat penetration testing department at the corporate regulator who issues fines (which pay for the work) … but I’m not seeing any evidence of an appetite for anything even remotely resembling such a set-up anywhere on Earth.
Espionage on the other hand …
They had fun writing this article:
allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing
with no server-side checking, allowing a Hamburglar to order food for free
eventually got through to a security McEngineer who said that they were “too busy” to fix the flaw
Coincidentally, I saw on LinkedIn last night they were hiring a Security Operations manager. They should get an AppSec person instead to fix those issues.
Professional software engineer here. Security Engineers don’t do that, they write harrowing reports that get ignored by Security Operations Managers.
Executive leadership at its finest.
That’s a whole lot of incompetence from McD
You can pretty well guarantee there are plenty of security flaws left. If anyone wants free food, I’m sure it’s still easy to do
We finally unmasked the Hamburglar
Thanks but no thanks. Not eating McD even if I can order it for free.
I’ve been McD free since last year. Too expensive for the quality of food and they push their app too hard on people. Not worth the space on my phone.
Oh yeah the free food guy, I heard about this one. Also the clusterfuck that is their employee backend.
I am not mad at the vibe coders, I got cheese burgers!
Now, a new car would be great… Tell the CEO how great AI is and how much money they are going to save please.
security through obscurity!
Security through obesity also
Fucking vibe coders and their security flaws.