Second Nexus © 2019
Creator of Rightwing 'MAGA Yelp' App Completely Flips Out After Internet Hero Exposes Security Flaws in the App's Code
13 March 2019
Bill Clark/CQ Roll Call via Getty Images, @fs0c131y/Twitter
The designer of a new app for reviewing MAGA-friendly businesses had a total meltdown on Tuesday after an internet researcher discovered major security flaws in the app's coding.
"63red Safe works like a conservative Yelp," The Daily Beast reported on Monday. "Instead of reviewing the lighting and ambience, though, the site’s users rate restaurants and other businesses on a series of four questions, including whether the restaurant’s owners make political social-media posts and whether they allow customers to carry weapons."
<p>Within hours of the launch, a French security researcher with the moniker "Elliot Alderson" (a reference to <em>Mr. Robot</em>) was able to gain access to the backend of the app, which was completely unsecured, leaving users' data at risk.</p><p>In a nutshell, Alderson was able to see that 4,466 people had signed up because no login credentials were needed to snoop around.</p><p>Alderson advised against using the app until the security features were upgraded. "<a class="twitter-atreply pretty-link js-nav" dir="ltr" href="https://twitter.com/63red"><s>@</s><b>63red</b></a> In order to <a class="twitter-hashtag pretty-link js-nav" dir="ltr" href="https://twitter.com/hashtag/MAGA?src=hash"><s>#</s><b>MAGA</b></a>, you can start by learning how to code an application," he tweeted.</p><p>In response, 63red Safe's founder, Scott Wallace, said in a <a href="https://medium.com/@63red/63red-statement-on-security-1ecdcef20307">statement</a> on Tuesday that he takes security "very seriously" and has "already taken action to additionally protect our data."</p><p>And then came the victim card.</p><p>"As we have seen across the United States, conservatives particularly have come under attack for their political beliefs — verbally, physically, and electronically," Wallace wrote. 
"This is unacceptable in a free society, and we will take every action to stop it, and assist our users in that as well."</p><p>Oy.</p><p>Wallace said that he notified the FBI about the "politically-motivated attack" with the hope that "this perpetrator will be brought to justice, and we will pursue this matter, and all other attacks, failed or otherwise, to the utmost extent of the law."</p><div id="4fcb1" class="rm-shortcode" data-rm-shortcode-id="1R1OUA1574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105469144445669379" data-partner="rebelmouse"><div style="margin:1em 0">TL;DR: No lost passwords, no breach of database, no data changed, minor problem fixed. We’re angry by the attempt,… https://t.co/dIIj9Vroo8</div> — 63red (@63red) <a href="https://twitter.com/63red/statuses/1105469144445669379">March 12, 2019</a></blockquote></div><p>Unfortunately for Wallace, this was a huge overreaction.</p><p>“I can understand 63red is angry but I’m here to help them, not the opposite,” Alderson told <a href="https://gizmodo.com/owner-of-maga-friendly-yelp-knockoff-threatens-to-call-1833247075">Gizmodo</a>.</p><p>Alderson's discovery was not a crime, nor did he steal any data or mess with the site's digital infrastructure. 
All he did was point out vulnerabilities in the coding.</p><p>"Let's hope FBI educates the folks at @63red about how this really works," tweeted hacker Katie Moussouris.</p><div id="e8ce5" class="rm-shortcode" data-rm-shortcode-id="ZUTLV51574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105508183915683840" data-partner="rebelmouse"><div style="margin:1em 0">Looks like @fs0c131y 's research revealing a rookie security mistake of having NO authentication on an API has trig… https://t.co/yHfn9d56wy</div> — Katie Moussouris (@k8em0) <a href="https://twitter.com/k8em0/statuses/1105508183915683840">March 12, 2019</a></blockquote></div><p>Wallace and 63red Safe were savagely mocked for calling the feds on someone who was trying to make their online safe space safer.</p><div id="71ba7" class="rm-shortcode" data-rm-shortcode-id="ZEFRMA1574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105480916099612674" data-partner="rebelmouse"><div style="margin:1em 0">@63red Why are you MAGA peeps always the snowflakes?</div> — Ask Cybergibbons! 
(@cybergibbons) <a href="https://twitter.com/cybergibbons/statuses/1105480916099612674">March 12, 2019</a></blockquote></div><div id="e1805" class="rm-shortcode" data-rm-shortcode-id="6213V11574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105503407018778624" data-partner="rebelmouse"><div style="margin:1em 0">@63red You guys called the FBI on a security researcher who browsed your DB bc you all used a sketchball API and di… https://t.co/WtDuHT7kp2</div> — H E X G I V I N G (@hexadecim8) <a href="https://twitter.com/hexadecim8/statuses/1105503407018778624">March 12, 2019</a></blockquote></div><div id="18ac8" class="rm-shortcode" data-rm-shortcode-id="6XCX9D1574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105518995741073418" data-partner="rebelmouse"><div style="margin:1em 0">@63red Threatening researchers will definitely make them stop looking for flaws in your security. It won't encourag… https://t.co/NJ4C1AJY5i</div> — David (@sa7dse) <a href="https://twitter.com/sa7dse/statuses/1105518995741073418">March 12, 2019</a></blockquote></div><p>Triggered much?</p><p>Maybe next time, Wallace should learn to code properly.</p><div id="a4c2d" class="rm-shortcode" data-rm-shortcode-id="1XHDDK1574874275"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105481995826671616" data-partner="rebelmouse"><div style="margin:1em 0">@63red This will not end well for you.
On the flip side, your service also acts as a boycott list for forward-thi… https://t.co/QnsfV0cfxN</div> — Panther Modern (@panther_modern) <a href="https://twitter.com/panther_modern/statuses/1105481995826671616">March 12, 2019</a></blockquote></div><div id="92c1f" class="rm-shortcode" data-rm-shortcode-id="CWO4UL1574874276"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105541677257756672" data-partner="rebelmouse"><div style="margin:1em 0">@63red The Right can't code, who knew!</div> — Cadwyn Delsior (@RedMageCadwyn) <a href="https://twitter.com/RedMageCadwyn/statuses/1105541677257756672">March 12, 2019</a></blockquote></div><div id="4af3c" class="rm-shortcode" data-rm-shortcode-id="PYD01R1574874276"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105481022119034880" data-partner="rebelmouse"><div style="margin:1em 0">@63red How not to do infosec</div> — kris (@KrisMcCallen) <a href="https://twitter.com/KrisMcCallen/statuses/1105481022119034880">March 12, 2019</a></blockquote></div><p>This is peak snowflake culture.</p><div id="dbb99" class="rm-shortcode" data-rm-shortcode-id="PUTCF41574874276"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105483815395512320" data-partner="rebelmouse"><div style="margin:1em 0">@63red you guys are idiots, he's doing you a solid and you're gonna get butthurt... 
now you're gonna get embarrassed.</div> — \_ ━╤デ╦︻(▀̿̿Ĺ̯̿̿▀̿ ̿) turkey monkey47 (@akrolla47) <a href="https://twitter.com/akrolla47/statuses/1105483815395512320">March 12, 2019</a></blockquote></div><div id="d4210" class="rm-shortcode" data-rm-shortcode-id="OF5QVI1574874276"><blockquote class="twitter-tweet twitter-custom-tweet" data-twitter-tweet-id="1105553340220485632" data-partner="rebelmouse"><div style="margin:1em 0">@63red "As we have seen across the United States, conservatives particularly have come under attack for their political beliefs" lolz</div> — divinci (@divinci) <a href="https://twitter.com/divinci/statuses/1105553340220485632">March 12, 2019</a></blockquote></div><p>“Does this business serve persons of every political belief?” 63red Safe asks its users. “Will this business protect its customers if they are attacked for political reasons?”</p><p>How this information is gathered, The Daily Beast noted, is unclear.</p><p>Wallace fears that in 2020, socialist forces on the left will present an existential threat to him and other MAGA believers.</p><p>“I believe that, between now and 2020, we’re going to see the rise of the socialist goon squad,” Wallace said. “I think Antifa was nothing compared between now and what’s coming in 2020. And I’m deeply concerned.”</p>