this post was submitted on 07 Jun 2023
2 points (100.0% liked)

/c/cybersecurity - Cybersecurity News & Discussion

90 readers
1 users here now

A community for technical news and discussion of cybersecurity and closely related topics.

founded 4 years ago
MODERATORS
 

Clop seems to be on a roll, first with GoAnywhere and now with Moveit

top 3 comments
sorted by: hot top controversial new old
[–] argv_minus_one 2 points 1 year ago (1 children)

Yet another proprietary security solution turns out not to have been as secure as advertised, and it's easy to see why: companies that sell software are motivated not to make it secure, but to develop it as quickly as possible with as few developers as possible and then add as many features as often as possible.

[–] TribesmanJohn 2 points 1 year ago (1 children)

https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023

I agree there should perhaps have been better controls in place to check for SQL Injection vulnerabilities, and that yea some businesses try hard to maximise profits, but I would also say that developers are not infallible :)

Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by and external, third party :)

[–] argv_minus_one 5 points 1 year ago

SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who's working too hard. But SQL injection vulnerabilities are the result of doing something we've been taught for decades to never do, so I can't imagine any excuse for this.