
My CTO everyone:

"You don't have to assert proper permissions in the backend for this user role, they won't guess the URL anyway. Just hide the links."

Yikes.. fml.
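To make the problem concrete, here is an added example (not code from the original post or from the poster's company) that simulates the two designs side by side: a handler that only checks "is logged in" and relies on the admin route being unlinked, and the same route behind a server-side permission check. Users, roles, the `/admin/report` path, the permission name and the little wordlist are all made up for illustration; a real app would use its framework's auth middleware, but the deny-by-default decorator is the shape that matters. The `forced_browse` helper does what the later comment about wordlists and scanners describes: replay every candidate path as a low-privilege user and see what comes back 200.

```python
"""Added example: hiding a link is not authorization.

Everything here is constructed for illustration: the users, roles,
the /admin/report route and the wordlist are hypothetical.
"""
import functools

# Constructed user store: who is logged in and what role they hold.
USERS = {
    "alice": {"role": "admin"},
    "bob": {"role": "viewer"},
}

# Constructed sensitive resource that the UI only links for admins.
ADMIN_REPORT = {"salaries": {"alice": 180000, "bob": 65000}}

# Permissions per role. The backend must consult this on every request,
# regardless of which links the frontend decided to render.
ROLE_PERMISSIONS = {
    "admin": {"admin:report:read"},
    "viewer": set(),
}


def handle_hidden_link_only(user: str, path: str):
    """Vulnerable handler (the CTO's design): the only 'protection' for
    /admin/report is that viewers are not shown the link. Any
    authenticated caller who types or guesses the path gets the data."""
    if user not in USERS:
        return 401, "unauthenticated"
    if path == "/admin/report":
        return 200, ADMIN_REPORT  # no role or permission check at all
    return 404, "not found"


def require_permission(permission: str):
    """Deny-by-default decorator: the view runs only if the caller's role
    carries the named permission. Unknown users and unknown roles fail."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(user: str, path: str):
            if user not in USERS:
                return 401, "unauthenticated"
            perms = ROLE_PERMISSIONS.get(USERS[user]["role"], set())
            if permission not in perms:
                return 403, "forbidden"
            return view(user, path)
        return wrapper
    return decorator


@require_permission("admin:report:read")
def admin_report_view(user: str, path: str):
    """The same resource, reachable only through the permission check."""
    return 200, ADMIN_REPORT


def handle_with_authz(user: str, path: str):
    """Hardened handler: routing is identical, but the decision to serve
    the report is made server-side from the caller's permissions."""
    if user not in USERS:
        return 401, "unauthenticated"
    if path == "/admin/report":
        return admin_report_view(user, path)
    return 404, "not found"


# Constructed mini wordlist, standing in for the path lists a directory
# brute-forcer or web scanner walks through.
WORDLIST = ["/", "/login", "/admin", "/admin/report", "/admin/users", "/api/v1/export"]


def forced_browse(handler, user: str, wordlist=WORDLIST):
    """Request every path in the wordlist as `user` and return those that
    answer 200. This is exactly how 'hidden' functionality gets found."""
    return [path for path in wordlist if handler(user, path)[0] == 200]


if __name__ == "__main__":
    # bob is a viewer and was never shown the admin link.
    print("vulnerable, as bob:", forced_browse(handle_hidden_link_only, "bob"))
    print("hardened,   as bob:", forced_browse(handle_with_authz, "bob"))
    print("hardened, as alice:", forced_browse(handle_with_authz, "alice"))
```

Run it and the vulnerable handler hands the salary report to bob on the first wordlist hit, while the hardened one returns 403 for him and 200 only for alice. The takeaway for the argument in the post: the check has to live where the data is served, because the URL is not a secret and the set of people who know it is not the set of people who are allowed to use it.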

Comments
  • 7
    @Null-Device I'm interested in this story, how did it end?
  • 2
    @Null-Device is there a link to this story plz?
  • 1
    @Null-Device thanks!
    What a story, and I think they should recruit him to make some kind of public service instead of arresting him. What a waste.
  • 8
    @Null-Device oh wow... some people are really really really fucking dumb, I hope he got a good lawyer because this is insane, arresting someone because they downloaded public information off a government website? What kind of bullshit is that?!
    Then again... an investigative reporter has been shot in the head for doing his work here in Slovakia... There are ongoing protests but I am losing hope there will be justice.
    #allforjan
  • 0
    To be fair, as someone who’s had to use poorly documented apis, this cto has a point
  • 2
    Mmmmm, security by obscurity
  • 0
    I've heard about similar scandals more than once around my country, never as huge as that one though.
  • 0
    That's ducked up...poor kid
  • 0
    @Null-Device

    I just read about this case, (or similar) no hacking, he just scraped a publicly exposed link and got arrested. It is crazy.
  • 2
    uhhh.....any decent fuzzer like w3af and a thousand bots that are scanning the web every day can be used to find links. And there are plenty of wordlists with millions of different combinations of paths that get it right.

    You're going to trust that yours isn't guessable as security? Good luck with that.

    dir_file_bruter: Finds web server directories and files by bruteforcing.
  • 0
    Sounds a lot like me 🤔 but I don't think you worked for me.