• iAvicenna@lemmy.world
    18 hours ago

    Horrible practices by this app, yes, but I still can’t help but feel anon seems to think he is a hacker for writing a Python script to scrape a public database. Also, scold app devs for not dealing with sensitive information carefully, then release it on the most vile online platform possible so you can boast about your average Python scripting skills?

    • Taldan@lemmy.world
      17 hours ago

      That’s exactly what hacking is.

      '90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like.

      Also, Google deserves a scolding here. Firebase’s default configuration is absolutely atrocious. One of the few critical vulnerabilities I’ve seen where the system is working as intended. Dubbed the hospital gown vulnerability because they leave the backend wide open by default.

      • surewhynotlem@lemmy.world
        16 hours ago

        > Firebase’s default configuration

        I’m going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don’t accidentally remove the wrong directory?

        Any developer who doesn’t know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.

      • iAvicenna@lemmy.world
        16 hours ago

        I mean, this is just writing a script to access a public database; this is not even exploiting a code vulnerability. So there is an area between digital number waterfalls on the screen and accessing a public database which I would consider more of hacking.

      • iAvicenna@lemmy.world
        17 hours ago

        Not to me. Yes, the app sucks; yes, the use case of the app also sucks; yes, devs are either super green or even mostly AI (these have been discussed extensively and I agree with all).

        But I can’t commend public release of such sensitive data in such a place. You can still bury this app and the company without compromising people’s sensitive data. Makes for less of a show and less opportunity to boast, but yea.

        • Taldan@lemmy.world
          17 hours ago

          > yes devs are either super green or even mostly AI

          Solely blaming the devs tells me you have no experience with Firebase security.

          • iAvicenna@lemmy.world
            16 hours ago

            No, I don’t, but if Firebase sucks, isn’t it the devs’ job to know this? They might have warned their supervisors and simply been disregarded; that is also another possibility, in which case the blame obviously goes to the higher-ups, not the devs.