Have a GREAT Friday, you motherfuckers! https://heavy.com/news/maria-athens/ https://www.cbsnews.com/news/ehtan-...ation-reporter-maria-athens-arrested-details/ https://www.facebook.com/athensmaria/ https://twitter.com/msathens?lang=en
They are pissed that someone found a security vulnerability? Hell, I would be thankful if I was that Infosec team. They obviously were unaware of the fact they had an internal API exposed to outside users. Obviously if I am McDonald's, I am asking that team how the hell they missed this.
This isn't a security vulnerability in that it's going to cost their business money or hold them hostage to hackers, it's more of a nuisance. This kind of stuff happens all the time with huge companies that have a thousand services with dozens of different APIs that talk to one another. My friend was pissed because people notified the higher-ups like this was some huge deal and they freaked out when in reality it's more of an "okay, just patch whatever so that API is no longer exposed to the public, no biggie."
I remember walking around the Forum in Rome a few years ago thinking I'd love to have a VR headset or Google glasses to show me what it looked like in its heyday, instead of the rubble and weeds and occasional preserved buildings.
If their API for placing orders is externally exposed, someone more malicious could cause havoc with it. They’re lucky this guy just wants to know if he can get ice cream. Yes, APIs do get exposed way more than they should, but this one’s pretty bad IMO. It’s crazy they haven’t fixed it yet.
There was no API exposed where you could place orders, the original tweet about that was a joke. The only thing found was a way to tell if the ice cream machine was down for doing self-maintenance (sanitizing).
Thanks bro, I was just thinking how awesome it would be to wake up deaf tomorrow and now I get that chance