submitted 8 months ago by Illecors@lemmy.cafe to c/folderol@lemmy.cafe

This is great. Truly unbelievable how quickly someone can dig their own hole.

Security guy's blog post

The GitHub issue. Well worth a read.

[-] nick@midwest.social 13 points 8 months ago

Someone went off his meds and started posting to the internet.

[-] naught@sh.itjust.works 11 points 8 months ago

Guy writes like the Donald Trump of software

[-] nick@midwest.social 6 points 8 months ago

No kidding, way to burn every bridge. Software is an amazingly small world and he just torpedoed his career if he ever decided to find a job.

[-] ASeriesOfPoorChoices@lemmy.world 11 points 8 months ago

I don't often read GitHub issue discussions, but that was wild.

[-] justdoitlater@lemmy.world 8 points 8 months ago

Yeah, not smart to piss off the infosec community.

[-] Amaltheamannen@lemmy.ml 7 points 8 months ago

Hilarious. The end where he talks about child trafficking and police, hahaha wtf?

[-] Illecors@lemmy.cafe 2 points 8 months ago

I did not fully get it, either. The Reg comments are implying that's related to QAnon, but I'm only vaguely familiar with it, not sure it's related.

[-] Hupf@feddit.de 5 points 8 months ago

Looks like just fixing the issue would involve much less energy and negative PR.

[-] Auzy@beehaw.org 3 points 8 months ago

I used to use OpenCart. It is actually a very easy cart to modify.

[-] autotldr@lemmings.world 1 points 8 months ago

🤖 I'm a bot that provides automatic summaries for articles:

The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product.

This was before tagging him and another user who highlighted a session hijacking issue affecting OpenCart versions also vulnerable to the code injection flaw, validating the seriousness of Brollo's report, telling them to "FUCK OFF."

The incident bears resemblance to a similar case dating back to 2012 when members of the infosec community on a number of occasions drew OpenCart's attention to its insecure password-hashing practices.

Onlookers were forced to explain why alternatives should be implemented to increase the level of password security to an acceptable standard.

Kerr responded to users, who flagged issues surrounding the methods for generating salts and the low number of iterations of its SHA1 algorithm, initially by questioning their experience.

Main competitors include firms such as WooCommerce, Shopify, and Squarespace – all of which command a significantly greater market share compared to OpenCart, according to Statista's data.


Saved 77% of original text.

this post was submitted on 27 Nov 2023