Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks
2020-09-04 11:15

Speaking at the 2020 Disclosure conference, Jones outlined how the trust many developers put in their software stacks and shared code, paired with a disturbing lack of online savvy, can make them easy pickings for hackers.

"Systems are generally hardened - they have patches, they have firewalls, they have monitoring," Jones explained, "But [some] developers will run literally any bullshit they find on Stack Overflow. They keep credentials lying about, they're obviously going to have the source code and some production data sitting on their hardware as well."

Jones said much of it is down to exploiting the trust developers put into shared code and software stacks.

Because so many developers will pull, copy, and share their open source code without a second thought, they will happily exploit their own machines.

After years of sharing code and tips with other developers and seeing their peers ignoring warnings while working on projects, many coders have unlearned some of the basic rules other users follow.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/04/disclosure_developer_targeting/