














  • From the article:

    In an email, a GivEnergy representative reinforced Castellucci’s assessment, writing:

    In this case, the problematic encryption approach was picked up via a 3rd party library many years ago, when we were a tiny startup company with only 2, fairly junior software developers & limited experience. Their assumption at the time was that because this encryption was available within the library, it was safe to use. This approach was passed through the intervening years and this part of the codebase was not changed significantly since implementation (so hadn't passed through the review of the more experienced team we now have in place).
    






  • Emphasis added by me. From the article:

    The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”

    It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment. Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”

    Wherever the accused’s rig ran, when users logged in to the network, they were asked to provide credentials. The AFP alleges that details such as email addresses and passwords were saved to the suspect’s devices.

    The charges laid against the man concern unauthorized access to devices and dishonest dealings. None of the charges laid suggest the accused used the data he allegedly accessed.

    However three charges of “possession or control of data with the intent to commit a serious offence” suggest the alleged perp was alive to the possibilities of using the data for nefarious purposes.