this post was submitted on 08 Sep 2025
50 points (72.7% liked)

Technology

75094 readers
2193 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
50
ICEBlock handled my vulnerability report in the worst possible way (micahflee.com)
submitted 6 days ago by Pro@programming.dev to c/technology@lemmy.world
30 comments fedilink hide all child comments
 

cross-posted from: https://programming.dev/post/37090037

Comments

you are viewing a single comment's thread
view the rest of the comments
[–] LodeMike@lemmy.today 8 points 6 days ago (8 children)

This is an Apache server version error it takes 5 minutes to fix.

[–] x1gma@lemmy.world 13 points 6 days ago (7 children)

So fucking what? He is not being paid in any kind, and anything he does on that project is volunteer work. If he was not able to do anything on that project due to regular work, vacation, personal issues, or the simple fact that he didn't want to?

If you don't pay for a service, you don't get to decide what people do, deal with it

[–] Bane_Killgrind@lemmy.dbzer0.com 4 points 6 days ago (6 children)

Well on one hand sure.

On the other hand, detrimental reliance is a tort and if someone is relying on an app for a specific safety function, the app could be civilly liable if it fails it's function in some way.

Imagine if you had this attitude about an insulin use tracker/calculator, that sometimes gave wildly wrong insulin dose numbers.

Maybe down the road, it's decided that aiding and abetting ICE is a crime, and providing misinformation intentionally or unintentionally is a criminal act. App developer dude could be criminally liable if he knew or ought to have known he had vulnerabilities. You know, in your New Nuremberg trials that you are going to get sometime in the next decade or so.

That's not to say the researcher is in the clear, the timeline is too tight for his end of this to be a responsible disclosure.

Without providing more details, I also discovered that his server is running outdated software with known vulnerabilities.

I was intentionally vague because I knew that his server was vulnerable at the time of writing, and I didn't want anyone to exploit one of these vulnerabilities before he had a chance to fix it.

Also, this is not vague, profiling techniques exist, and it puts a clear target on the iceblock servers.

[–] Randomgal@lemmy.ca -2 points 6 days ago (1 children)

You don't like it, don't use it. Lol

[–] Bane_Killgrind@lemmy.dbzer0.com 1 points 5 days ago

I'm also in Canada. Just because I'm not using it, I'm not going to give either of these guys a pass on maybe hurting people, or even putting them at risk of harm.

load more comments (4 replies)
load more comments (4 replies)
load more comments (4 replies)