Cyber security is one of the biggest threats and likely attack vectors by malicious individuals and even countries and instead of encouraging savvy students who are likely to help us tackle this ‘new’ age problem (and warfare) we’re arresting them. What the actual fuck.
What is interesting is that there are companies, well foreigners based in Malta that do this exact work. The crime here is that Maltese tried doing it. I have come across them internationally.
To put a cherry on top, there are companies based in Malta that offer free security tools which then find bogus issues and demand subscriptions and payment to fix these problems. Some might say it’s unrelated, but it is.
This kind of software is called scareware. Being based in Malta they enjoy total impunity and get to pay super low corporate tax, never mind the damage to other companies guilty by association of shared jurisdiction.
And let’s not forget that the only people who can work in Malta are dilettantes and bullies. This country detests qualified people. So no wonder there are bugs and flaws.
This has always been the reaction in Malta to anyone pointing out a problem... kill the messenger... it’s part of a far bigger problem. These poor kids are guilty of thinking they don’t live in Malta or that they are equal in some way.
There is a profession called Ethical Hacking. I know people who do this job. Their job is to hack and provide feedback for security flaws as well as how to improve the security of the server and data.
Strip searched for a cyber “crime”, I’m not sure if I have ever heard of this before. I don’t understand the correlation.
Like selling drugs, you get raided, then I understand possibly the need to strip search. Or even transporting items into the country without declaring, ok I understand a strip search may be necessary. Even if these guys hacked the system, seriously a strip search. Either the police officer was riding a high of authority or this police officer was getting their jollies off.
Was that absolutely necessary.
For everyone bitching at them being reported: the data processor is required by law to report a breach. It sucks, but it is what it is.
The police bullying them is the problem here. Since they provenly had no malicious intents and the company is not pursuing anything against them, they could easily be released and commended for it.
Typical situation of police being hard on low-level “crimes” and soft on high-level crimes. Drug kingpins are well known but keep on doing what they do, even from inside the prison walls.
Anyone have information on what the flaw is? I.e., this article claims that the vulnerability was that every user had admin rights? Another one stated that the students gained access and managed to obtain user data? Or is it a mixture of both? Either scenario does not sound like best practice dev in managing and storing user data. User data should be stored encrypted, and it is not that hard today to do that. If users created in the app are by default admins, it is very sloppy for a consumer-facing app on the AppStore.
Normally security researchers find vulnerabilities all the time in apps. They are reported to the company in question and usually if it is a non-critical vulnerability the company is given between 45-90 days to fix it. Then the researchers submit a public report regardless of whether the app company fixes it in time or not.
Big tech companies have bug bounty programs, like Microsoft. So the practice is not at all uncommon.
Lost all respect from free hour ngl