Comment by sciencejerk

Comment by sciencejerk 6 days ago

10 replies

I think that Security fuckups of this disastrous scale should get classified as "breaches" or "incidents" and be required to be publicly disclosed by the news media, in order to protect consumers.

Here is a tool with 7,000+ customers and access to 1 million code repositories which was breached with an exploit a clever 11-year-old could have created. (edit: 1 million repos, not customers)

When the exploit is so simple, I find it likely that bots or Black Hats or APTs had already found a way in and established persistence before the White Hat researchers reported the issue. If this is the case, patching the issue might prevent NEW bad actors from penetrating CodeRabbit's environment, but it might not evict any bad actors which might now be lurking in their environment.

I know Security is hard, but come on guys

Lionga 6 days ago

Code Rabbit is a vibe coder company, what would you expect? Then they try to hide the breach and instead post marketing fluff on the Google Cloud blog, not even mentioning they got hacked, and cannot even give any proof there is no backdoor still running all the time.

What a piece of shit company.

  • moomoo11 6 days ago

    I got so much heat for calling out that Tea app for being imbeciles who couldn’t bother finishing reading the Firebase docs.

    People were quick to blame Firebase instead of the devs.

    Vibrators are so fucking annoying, mostly dumb, and super lame.

    • wredcoll 6 days ago

      This post would have a lot more meaning if "vibe coders" were the only ones making security mistakes that involved thousands of customers.

      • moomoo11 6 days ago

        Yeah you're right. Your post would have a lot more meaning if you would realize that the rate at which security mistakes are occurring is about to explode (if not already).

        That's like saying if/when an AV runs over a bunch of people, it's not like they're the only ones running over people; human drivers do it too!

        Thankfully, Waymo which I use regularly is fkin awesome and actually works. Then again, they're not vibrating.

  • N_Lens 6 days ago

    Petition to call vibe coders “dildos” (coz they’re vibing right?)

mihaaly 6 days ago

Agreed.

Being a mere user of web or other apps developed using so clever and flexible and powerful services like this accidentally (due to sheer complexity) exposing all and everything I might consider dear makes me reconsider if I want to use any. When I am granted a real choice. Not so much as time progresses, not so much. Apps are there everywhere using other apps, mandated by organizations carrying out services outsourced by banks, governments, etc., granted third parties' access by me accepting T&C, probably catching trouble in the details, or probably not, cannot be sure.

A reassuring line like this >>This is not meant to shame any particular vendor; it happens to everyone<< may calm providers but scares the shit out of me as a user providing my sensitive data in exchange for something I need, or worse, must do.