READ: Elliot Alderson Tweets Thread Showing How He ‘Got Access to the 63red Database and Obtained all the Details of Their Users’

“FBI Notified.”

The designer of a new app for reviewing MAGA-friendly businesses had a total meltdown on Tuesday after an internet researcher discovered major security flaws in the app’s coding.

“63red Safe works like a conservative Yelp,” The Daily Beast reported on Monday. “Instead of reviewing the lighting and ambience, though, the site’s users rate restaurants and other businesses on a series of four questions, including whether the restaurant’s owners make political social-media posts and whether they allow customers to carry weapons.”

Within hours after the launch, a French security researcher with the moniker “Elliot Alderson” (a reference to Mr. Robot) was able to gain access to the backend of the app, which was completely unsecured, leaving users’ data at risk.

https://twitter.com/fs0c131y/status/1105259901205516288

In a nutshell, Alderson was able to see that 4,466 people had signed up because no login credentials were needed to snoop around.

https://twitter.com/fs0c131y/status/1105264992130138112

Alderson advised against using the app until the security features were upgraded. “ In order to , you can start by learn how to code an application,” he tweeted.

https://twitter.com/fs0c131y/status/1105269040656846848

In response, 63red Safe’s founder, Scott Wallace, said in a statement on Tuesday that he takes security “very seriously” and has “already taken action to additionally protect our data.”

And then came the victim card.

“As we have seen across the United States, conservatives particularly have come under attack for their political beliefs — verbally, physically, and electronically,” Wallace wrote. “This is unacceptable in a free society, and we will take every action to stop it, and assist our users in that as well.”

Oy.

Wallace said that he notified the FBI about the “politically-motivated attack” with the hope that “this perpetrator will be brought to justice, and we will pursue this matter, and all other attacks, failed or otherwise, to the utmost extent of the law.”

Unfortunately for Wallace, this was a huge overreaction.

“I can understand 63red is angry but I’m here to help them, not the opposite,” Alderson told Gizmodo.

Alderson’s discovery was not a crime, nor did he steal any data or mess with the site’s digital infrastructure. All he did was point out vulnerabilities in the coding.

“Let’s hope FBI educates the folks at @63red about how this really works,” tweeted hacker Kate Moussouris.

Wallace and 63red Safe were savagely mocked for calling the feds on someone who was trying to make their online safe space safer.

Triggered much?
