Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab's open source code shows that the critical vulnerability—or at least one very much like it—was introduced by the company's chief technology officer.

The change, which in the parlance of software development is known as a "git commit," was made sometime in February from the account of Fosco Marotto, a former Facebook software engineer who in November became Gab's CTO. On Monday, Gab removed the git commit from its website. Below is an image showing the February software change, as shown from a site that provides saved commit snapshots.

The commit shows a software developer using the name Fosco Marotto introducing precisely the type of rookie mistake that could lead to the kind of breach reported this weekend. Specifically, line 23 strips the code of "reject" and "filter," which are API functions that implement a programming idiom that protects against SQL injection attacks.

Developers: Sanitize user input

This idiom allows programmers…
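The idiom the article is describing, letting the database library bind user input as a value instead of pasting it into the SQL text, as an added Ruby example that is not code from the Gab repository or from the commit discussed above. The quoting and placeholder substitution below are a deliberately small stand-in for what an ORM such as ActiveRecord does for `?` placeholders (an assumption about the shape of the mechanism, not the Rails implementation); the `accounts` query, the `username` column and the sample input are constructed for illustration.

```ruby
# Added example (not from the Gab code base). Shows why building SQL by
# string interpolation lets user input change the *structure* of a query,
# while placeholder binding only ever changes a *value*.

# Quote one Ruby value as an SQL literal. Embedded single quotes are doubled,
# which is the SQL-standard escape; integers pass through; nil becomes NULL.
# Anything else is rejected rather than guessed at.
def sql_quote(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  when String  then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported bind value: #{value.class}"
  end
end

# Safe idiom: the developer writes the query with '?' placeholders and the
# library substitutes quoted literals. (Simplification: a literal '?' inside
# the template would be miscounted; a real driver tokenises the statement.)
def bind_sql(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  pending = values.dup
  template.gsub("?") { sql_quote(pending.shift) }
end

# Unsafe idiom: whatever the user typed becomes part of the SQL text itself.
def interpolated_sql(username)
  "SELECT * FROM accounts WHERE username = '#{username}'"
end

# Same query, built the safe way.
def parameterized_sql(username)
  bind_sql("SELECT * FROM accounts WHERE username = ?", username)
end

# Reduce a statement to its structural skeleton by replacing every string
# literal (with doubled-quote escapes honoured) by a single '?'. Two
# statements with the same skeleton have the same shape; only values differ.
def skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?")
end

# The check a reviewer wants: after substituting user input, does the
# statement still have the structure the developer wrote?
def structure_preserved?(template, sql)
  skeleton(sql) == skeleton(template)
end

if __FILE__ == $PROGRAM_NAME
  template = "SELECT * FROM accounts WHERE username = ?"
  sample   = "' OR 1=1 --"   # constructed input containing a stray quote
  puts "interpolated:  #{interpolated_sql(sample)}"
  puts "  structure preserved? #{structure_preserved?(template, interpolated_sql(sample))}"
  puts "parameterized: #{parameterized_sql(sample)}"
  puts "  structure preserved? #{structure_preserved?(template, parameterized_sql(sample))}"
end
```

Run with `ruby` to see both renderings side by side: the interpolated version gains an extra `OR` predicate and a comment marker outside any string literal, so its skeleton no longer matches the template, while the bound version keeps the whole input inside one literal. The `skeleton` comparison is the kind of assertion worth keeping in a test suite when a code review, like the one the article describes, removes the binding helpers from a query.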
"Rookie coding mistake prior to Gab hack came from site's CTO," published on arstechnica.com, March 2, 2021.