17
sbiewald
22d

disableSslVerification()
download("https://...", "update.exe")
execute("update.exe")

In a license reporting software, took them 1,5 years to fix!
If we hadn't specifically requested how to run this software with lesser privileged accounts, it would have had access to all our customer's machines.
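A hardened counterpart to the three-line updater in the post, as an added example that is not from the post or from the vendor's software. It leaves TLS verification on and refuses to stage a download whose SHA-256 does not match a pinned digest; the function names, size limit, and the idea that the digest comes from a separately authenticated manifest are assumptions. Execution is left to the caller, under a low-privileged account.

```python
import hashlib
import os
import ssl
import tempfile
import urllib.request
from pathlib import Path

MAX_UPDATE_BYTES = 200 * 1024 * 1024  # assumed upper bound for an update


def fetch_update(url: str) -> bytes:
    """Download over HTTPS with certificate and hostname checks left on."""
    if not url.lower().startswith("https://"):
        raise ValueError("update URL must use https")
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        # urllib follows redirects; reject a final hop that left HTTPS.
        if not resp.geturl().lower().startswith("https://"):
            raise ValueError("redirected away from https")
        data = resp.read(MAX_UPDATE_BYTES + 1)
    if len(data) > MAX_UPDATE_BYTES:
        raise ValueError("update larger than expected")
    return data


def stage_update(data: bytes, expected_sha256: str, dest_dir: Path) -> Path:
    """Write the update into dest_dir only if its SHA-256 matches the pin.

    expected_sha256 is assumed to come from a manifest that was
    authenticated separately (for example, a signed release manifest).
    """
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256.strip().lower():
        raise ValueError("digest mismatch, refusing to stage update")
    # Write to a temporary name first so a partial file is never run.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        final = dest_dir / f"update-{actual[:16]}.exe"
        os.replace(tmp, final)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return final
```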

Comments
  • 4
    No man, you don't understand. You don't understand at all. This is not a bug, this is a feature. It's called multi possibility value provider.

    As soon as you have enough people eating your shit, you can sell it to the person bidding the most to change the binary and use it as a cheap bot network. Now you got money from your "customers" and the people running the network. And in the end you blame the developers for their failure... Ingenious!
  • 0
    It's liberal thinking software