Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab's open source code shows that the critical vulnerability—or at least one very much like it—was introduced by the company's chief technology officer.

The change, which in the parlance of software development is known as a "git commit," was made sometime in February from the account of Fosco Marotto, a former Facebook software engineer who in November became Gab's CTO. On Monday, Gab removed the git commit from its website. Below is an image showing the February software change, as shown from a site that provides saved commit snapshots.

The commit shows a software developer using the name Fosco Marotto introducing precisely the type of rookie mistake that could lead to the kind of breach reported this weekend. Specifically, line 23 strips the code of "reject" and "filter," which are API functions that implement a programming idiom that protects against SQL injection attacks.

Developers: Sanitize user input

This idiom allows programmers…
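The article's point is that user input must reach the database as data, never as part of the SQL text. The following is an added example, not Gab's code or anything from the removed commit: it shows the string-spliced query beside the bound-parameter form in Python with the standard-library `sqlite3` driver, and a heuristic review check that flags lines building SQL out of strings, the kind of check that would catch a commit like the one described. The table, rows, inputs and the `SAMPLE_SOURCE` snippet are all constructed for illustration.

```python
"""Added example (not Gab's code): the protective idiom the article describes,
shown in Python with the standard-library sqlite3 driver. The schema, rows,
inputs and the source snippet are constructed for illustration."""
import re
import sqlite3

# Constructed sample rows; not Gab's schema or data.
SAMPLE_ACCOUNTS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("carol", "carol@example.test"),
]


def build_db():
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def find_by_username_unsafe(conn, username):
    """Vulnerable form: the input is spliced into the SQL text, so quote
    characters in the input change the structure of the query."""
    sql = f"SELECT username FROM accounts WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_username_safe(conn, username):
    """Hardened form: a bound parameter. The driver passes the value separately
    from the SQL text, so it is compared as data and never parsed as SQL."""
    sql = "SELECT username FROM accounts WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both forms on the same input; returns (unsafe_rows, safe_rows)."""
    conn = build_db()
    try:
        return (find_by_username_unsafe(conn, username),
                find_by_username_safe(conn, username))
    finally:
        conn.close()


# Heuristic review check: flag lines that build SQL text with an f-string or
# by concatenation/formatting, the pattern a bound-parameter query avoids.
_FSTRING_SQL = re.compile(r'''f["']\s*(SELECT|INSERT|UPDATE|DELETE)\b''', re.IGNORECASE)
_BUILT_SQL = re.compile(
    r'''["']\s*(SELECT|INSERT|UPDATE|DELETE)\b.*?["']\s*(\+|%|\.format\()''',
    re.IGNORECASE)


def flag_string_built_sql(source):
    """Return 1-based line numbers of lines that appear to build SQL from
    strings. A review heuristic, not a parser: it only sees single lines."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if _FSTRING_SQL.search(line) or _BUILT_SQL.search(line):
            hits.append(number)
    return hits


# Constructed source snippet for the review check: lines 2 and 8 build SQL
# from strings, line 5 uses a bound parameter.
SAMPLE_SOURCE = """\
def by_name_fstring(conn, u):
    return conn.execute(f"SELECT * FROM accounts WHERE username = '{u}'")

def by_name_bound(conn, u):
    return conn.execute("SELECT * FROM accounts WHERE username = ?", (u,))

def by_name_concat(conn, u):
    return conn.execute("SELECT * FROM accounts WHERE username = '" + u + "'")
"""


if __name__ == "__main__":
    print(compare("alice"))                       # (['alice'], ['alice'])
    print(compare("' OR '1'='1"))                 # unsafe returns every row, safe returns []
    print(flag_string_built_sql(SAMPLE_SOURCE))   # [2, 8]
```

For a benign username both forms return the same row; for an input containing a quote, the spliced query returns the whole table while the bound-parameter query returns nothing, because the driver never lets the value alter the statement. The regex check is deliberately narrow (single-line, four statement keywords) and is meant as a cheap pre-merge gate that makes a reviewer look at any line where the parameterized idiom has been dropped, not as a substitute for a real static analyzer.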
"Rookie coding mistake prior to Gab hack came from site's CTO," posted on arstechnica.com on March 2, 2021.