Discussion (9 Comments)

mlhpdx about 4 hours ago
I don’t understand what Flux hoped to gain in this situation. It seems counterproductive to building a platform for engineers while attacking folks respected by engineers.
fennecbutt 17 minutes ago
MBAs
throwaway81523 about 2 hours ago
It sounds like the hands of what Ed Zitron calls business idiots are in play.
phoronixrly about 3 hours ago
They wanted to make sure Adafruit stays silent about the number of active users, and Adafruit gave them some leverage by imo naively reporting a security vulnerability.
SwellJoe about 1 hour ago
What do you mean by "naively"? Reporting a security vulnerability to the vendor is the responsible and ethical thing to do. Suing someone who did you a favor is fucked up behavior and they should be shunned for it.
phoronixrly about 3 hours ago
How many CFAA cases have to be filed in order for people to stop (gratuitously) reporting security vulnerabilities to corporations? Just stop, you don't owe them that, and it always comes off as an attempt at blackmail. If you care so much about their users, report to security authorities instead.
russdill about 2 hours ago
The "security authorities"? Who exactly is that? And what action are they expected to take?

Responsible disclosure is not gratuitous, it's not blackmail. It is a standard industry practice. And the entity you notify is the vendor.

SwellJoe about 1 hour ago
Wtf are "the security authorities"?
dsl about 3 hours ago
TLDR: Adafruit found out Flux was being dishonest about their user numbers. They also found and responsibly disclosed that they could get their Firebase keys by opening up Chrome's devtools.