The City of Los Angeles paid $300,000 for a vulnerable earthquake alert app(iamprettydamn.cool)
iamprettydamn.cool
The City of Los Angeles paid $300,000 for a vulnerable earthquake alert app
http://iamprettydamn.cool/2019/la-earthquake-app/
4 comments
I applaud the work done on the research to find the vulnerabilities. But writing about it just to criticize the creators is a shitty reason to do it. I've never known software that's perfect from the start. I hope the author has contacted Colworx to help fix the problems.
The app has a needed function and should be supported rather than just criticized.
The app has a needed function and should be supported rather than just criticized.
If they really put the real password in a public repository, then it's not a minor mistake. It's a huge error.
Perhaps the author could have contacted them to give them a few days before the announcement, so can they delete[1] the data from the repository, but it's nevertheless a huge error.
[1] You can't really delete anything from the internet, it's only a hide button. They can try to change the password in the server anyway.
Perhaps the author could have contacted them to give them a few days before the announcement, so can they delete[1] the data from the repository, but it's nevertheless a huge error.
[1] You can't really delete anything from the internet, it's only a hide button. They can try to change the password in the server anyway.
Awesome job, they should have hired you
This is the first writeup like this that I've done, so if you have any feedback on the content/writing, lmk! You can comment here or DM me on twitter, @asg_027
[0] http://iamprettydamn.cool/2019/la-earthquake-app/?notrack=1