this post was submitted on 09 Aug 2024
89 points (96.8% liked)

Technology

59366 readers
3582 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] GreenEngineering3475@lemmy.world 21 points 3 months ago* (last edited 3 months ago) (2 children)

From the article:

In an email, a GivEnergy representative reinforced Castellucci’s assessment, writing:

In this case, the problematic encryption approach was picked up via a 3rd party library many years ago, when we were a tiny startup company with only 2, fairly junior software developers & limited experience. Their assumption at the time was that because this encryption was available within the library, it was safe to use. This approach was passed through the intervening years and this part of the codebase was not changed significantly since implementation (so hadn't passed through the review of the more experienced team we now have in place).
[–] sugar_in_your_tea@sh.itjust.works 15 points 3 months ago (1 children)

So, it sounds like they don't have regular security audits, because that's something that would absolutely get flagged by any halfway competent sec team.

[–] WhatAmLemmy@lemmy.world 4 points 3 months ago

No need for audits. It's only critical infrastructure embedded into tens of thousands of homes, lol.

[–] Telorand@reddthat.com 10 points 3 months ago

Yet another reminder that trust should be earned.