Like what? They have servers in Switzerland, they seem competent.
Anything that is based in the US is not privacy friendly by law (at least for not-US citizens, see why US will never be an equivalent country for GDPR)
Anything that is implemented/maintained by incompetent people is not privacy friendly by NSA/hackers/you name it
At least in Europe, passenger jets are new because they are more fuel efficient at the "normal" speed. These old jets are then transformed into cargo planes, where they go very slow so fuel efficiency goes up by other means (and the old jet is way cheaper).
This was a passenger plane so I doubt it was anywhere close to 50 years old
I hear the general sentiment against billionaires and corporations, but from a game theory point of view what they are doing is the rational behavior.
The problem is not them doing this, the problem is that the system (judiciary system in this case) is not neutral as it is supposed to be.
The problem, though, is that it's short sighted.
The more the workers are abused, the fewer business opportunities there are.
In other words, in the short term the corporations win; in the long term everyone loses.
A single billionaire, overall, can spend less than 1000 millionaires, who can spend less than 10 people that make 100k/y
Bobby Tables, this, buffer overflow... Are all similar in spirit.
Bobby Tables is a way of hiding the malicious SQL query after a normal query (in that case after the select with "Bobby" you inject the malicious drop table)
In this case after the normal email (that normally would serve both for identifying the user and as the address to send the recovery mail to), the attacker sends two mails: the first is for identifying the user, the second to send the recovery mail to
In the case of a buffer overflow you inject malicious code after normal(-ish) data
It's not an XHR attack since for the mail recovery workflow you don't need an authenticated session.
To be a bit more compassionate to the developers, this is probably some dynamic typing problem. Probably Ruby is "smart" in understanding that an array can contain strings after all... So an array of strings is as good as a string... But here we go into static vs dynamic typing.... And it's a bit of a religious war (fun fact: in 2011 I was advocating with Guido van Rossum for having at least an optional static typing check in Python - at the time the discussion was how to make Python faster/compiled - and he was borderline mocking me 😅 and a few years after, pytypes, but still no compilation on the horizon 😂)
Not the commenter, but it seems like the parameters of the HTTP GET/POST weren't protected/checked. The API was likely something like:
Email to reset: string(email account to reset)
But it accepted something like: [string(email account to reset), string (email to which the reset mail is sent to)]
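The two comments above (the "Bobby Tables" analogy and the `[email, email]` API shape) describe the same type-confusion bug. The following is an added example, not code from the thread or from the affected service: it assumes a Rails-style form parser where `email[]=a&email[]=b` becomes a list, a hypothetical `vulnerable_reset` that looks up the account by any element and mails every element, and a `hardened_reset` that accepts only a single string and sends only to the address stored for the account. All names, the `USERS` table and the request bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample request bodies (not taken from the original thread).
NORMAL_BODY = "email=alice%40example.com"
# Rails-style bracket syntax: repeated `email[]` keys parse into a list.
ARRAY_BODY = "email%5B%5D=alice%40example.com&email%5B%5D=attacker%40example.net"

# Constructed account table: address on file -> account id.
USERS = {"alice@example.com": "user-1"}


def parse_form(body: str) -> dict:
    """Mimic a Rack/Rails-like parser (assumption): `k[]=a&k[]=b` -> {'k': ['a', 'b']},
    while a plain `k=v` stays a scalar string."""
    raw = parse_qs(body, keep_blank_values=True)
    params = {}
    for key, values in raw.items():
        if key.endswith("[]"):
            params[key[:-2]] = values  # array parameter
        else:
            params[key] = values[0]  # scalar parameter
    return params


def vulnerable_reset(params: dict):
    """Hypothetical 'before': the value is used both to find the account and as the
    recipient list, and a list is silently accepted (the SQL layer would turn it into
    WHERE email IN (...)). Returns the account reset and every address mailed."""
    email = params.get("email")
    targets = email if isinstance(email, list) else [email]
    account = next((USERS[e] for e in targets if e in USERS), None)
    if account is None:
        return None
    return {"account": account, "sent_to": targets}


def hardened_reset(params: dict):
    """Hardened form: reject anything that is not one string, normalise it, and send
    the reset link only to the address stored for the matched account, never to a
    caller-supplied list."""
    email = params.get("email")
    if not isinstance(email, str):
        raise TypeError("email must be a single string")
    email = email.strip().lower()
    if "@" not in email:
        raise ValueError("email is not an address")
    account = USERS.get(email)
    if account is None:
        return None
    # Recipient comes from the record, not from the request.
    stored_address = next(k for k, v in USERS.items() if v == account)
    return {"account": account, "sent_to": [stored_address]}


if __name__ == "__main__":
    print("vulnerable:", vulnerable_reset(parse_form(ARRAY_BODY)))
    try:
        hardened_reset(parse_form(ARRAY_BODY))
    except TypeError as exc:
        print("hardened rejected array:", exc)
    print("hardened normal:", hardened_reset(parse_form(NORMAL_BODY)))
```

The defensive point is the `isinstance(email, str)` check plus taking the recipient from the stored record: even if the framework happily hands the handler a list, the handler refuses it and the recovery mail can only ever go to the address already on file for the account.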
This! The point of automation is rarely saving time.
The point of automation is increasing quality.
It can be data quality, it can be mitigating a production risk, it can be avoiding regressions.
Heck, even unit tests are automation (you may just manually test your code once and call it a day).
I am not saying that automation is always good, but the evaluation should be
(1) what is the cost of production/data quality/regression gone wild? (Possibly in €/$/¥)
(2) what is the cost of the person/team performing the task over 1 year (again, £€$¥)
(3) what is the expected cost of the person/team implementing automation?
Then you do (3)*3 - (1)*3 - (2). Is it positive? You do it. Is it negative? You don’t. The more positive it is, the higher the priority of doing it.
Why the *3?
The first because the expected cost of automation is always massively underestimated
The second because it takes multiple times something goes wrong till the decision is reconsidered 🙂
Why 1 year? Because generally the task to automate changes or disappears
I am here with my popcorn to see how well this will play for those CEOs.
We are in an age in which getting to a power position is a reality show. You don’t need to know how to do anything, really. It’s enough that you have charisma and trigger emotions (possibly negative emotions, they work better)
The EU always escalates slowly. Eventually it enforces though (e.g., USB-C, GDPR).
Given the companies are almost all US based and the US has historically been very defensive of its businesses (not only in IT), this seems a pretty reasonable approach for avoiding diplomatic escalations.
IMO the DMA will be fully enforced in 3-4 years (collecting some billions here and there in the process).
First in line for the few initial billions: Meta and Microsoft. We’ll see what comes next
Except if the severance package is BS and they don’t find enough volunteers (but hey! They tried!) and people get volunteered