S3 Ep135: Sysadmin by day, extortionist by night
2023-05-18 18:48

You know your catchphrase, "We'll keep an eye on that"?

Even worse, Doug, it seems that, when they became suspicious of him.

If you make certain key system activities require the authorisation of two people, ideally even from two different departments, just like when, say, a bank is approving a big money movement, or when a development team is deciding, "Let's see whether this code is good enough; we'll get someone else to look at it objectively and independently".

It's a buffer overflow, Doug, plain and simple.

Foolishly, perhaps, the people who built the system decided that it would be good enough if they simply checked how long the name was *that you typed into your phone when you used the app to change the name*: "We'll avoid sending names that are too long in the first place."

DOUG. "Clearview, please stop doing this."


News URL

https://nakedsecurity.sophos.com/2023/05/18/s3-ep135-sysadmin-by-day-extortionist-by-night/