[-] einkorn@feddit.org 26 points 1 month ago

You are braver than I am because here in Germany usually people get sued for reporting security vulnerabilities.

[-] MonkderVierte@lemmy.zip 15 points 1 month ago

Yep, don't do that if you live in an "Internet ist Neuland" country.

[-] victorz@lemmy.world 7 points 1 month ago

tf? They should offer you a job if anything.

[-] einkorn@feddit.org 10 points 1 month ago

That is if you lived in a place with an open attitude toward new technologies.

[-] victorz@lemmy.world 1 points 1 month ago

But the technology is already there in place, and you get sued if you point out security flaws in it? Crazy.

[-] einkorn@feddit.org 3 points 1 month ago

Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.

[-] victorz@lemmy.world 3 points 1 month ago

Time for some reform. Finding security holes is very important and benefits everyone.

[-] einkorn@feddit.org 2 points 1 month ago

Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups, it is not likely to happen.

[-] CompassRed@discuss.tchncs.de 1 points 1 week ago

Interestingly, I didn't have to circumvent any security measures to uncover the vulnerability. They had a page that was leaking API keys - all you had to do was watch the network requests. That's why I chalk it up to luck and not my prowess in cyber security.

[-] EldenLord@lemmy.world 3 points 1 month ago* (last edited 1 month ago)

I know a guy who did exactly that and got sued. The security failure he reported even was a Straftatbestand committed by the company and so he won the process. German companies really love shooting themselves in the foot.

[-] bless@lemmy.ml 2 points 1 month ago* (last edited 1 month ago)

Over here, not just sued, but sued for extortion because they had the audacity to ask for a bug bounty. Ok then, if I ever find a security hole that exposes sensitive data, filing a GDPR report it is.

[-] CompassRed@discuss.tchncs.de 2 points 1 week ago

For the record, I didn't bring up a bounty, but I still received payment. It helps that it is a small company, and that the CEO is also a developer. They were so grateful for the discovery that the bounty was freely offered without me asking.

[-] bless@lemmy.ml 2 points 1 week ago

I'm glad that it worked out for you. May you always encounter level-headed people in life.

this post was submitted on 13 Dec 2025
504 points (98.3% liked)

Programmer Humor