The simple issue. Devices to control the home (taps, light switches, physical locks with keys etc) have a half-life in the decades, while smart control systems have a half-life of about 18 months.
Eg: I have been in this house for 5 years, some of the light switches are 50 years old. They still work. While a friend who renovated their home 5 years ago has had to completely replace their smart home system in that time. They gave up on most of the tech and went back to dumb controls as the maintenance overhead was ridiculous.
Idk I always understood the releases. ~YYMM then YYHX. The update from the second half of 2022 is 22H2, before that, 1909 for September 2019 (if I remember right it was delayed til October) but can you tell me how old 8.1 is just by looking at the number? >!2013 sometime I think?!< To me this just makes so much more sense idk. They mention “Fall Creators Update” and “Anniversary update” which are more akin to codenames than what they call the update.
Those of us in the U.S. can say oh that's so China but Presidential candidate Nikki Hayley floated the same thing recently saying "Every person on social media should be verified by their name. It’s a national security threat,” she has since walked it back some after being called out for it, but authoritarians will probably come back to the idea.
This is something that the Government of India has been pushing for too. Get distracted for a minute, and this might happen in your country too before you even realise what is happening.
Sounds great but also sounds like one of those technologies that works in a lab but may not scale up to mass production. Let us know if it can be made cheaply on a large scale
The Register seems to suffer from what many in the media do, which are lazy reporters. The register has not done its own research or even asked questions about what is being claimed.
“He who makes the claim carries the burden of proof!”
Should the question not have been asked, if the hacker has access to the admin and permissions to modify the security, then is it really a hack?
Same with the CVS report. They don't check that what is being reported is actually a vulnerability.
I don't want to link to this guy's site because he's a conman trying to get recognition for his fantasy.
I don't even want to have to reply to this nonsense as I’m busy actually doing work!!
0xb120 even admits this:
“In OpenCart versions 4.0.0.0 to 4.0.2.3, authenticated backend users having common/security “access” and “modify” privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.”
He's saying that for this vulnerability to work access and modify privileges. So why would you give permission to a low level user the ability to rename a directory? Another point is that said functionality to rename the directory is removed once you click the move storage directory!
Reasons that Authenticated Static Code Injections in OpenCart (CVE-2023-47444) not can be carried out:
Hackers need to know the admin name - If the default admin folder name is admin then when the user visits the opencart dashboard a security popup comes up telling the user to rename the admin directory.
Hackers need access to the admin - So first your hacker will need access to the opencart admin by having the username and password. There is also the optional 2 factor auth also that can be enabled.
Hackers need permission to view or modify - So not only does the hacker need a login but also needs a login with permission to modify the security popup.
Security popup - The security popup only works if the installation directory exists, storage path is in the web root or if the admin is named “admin”. If you have just begun to set up an opencart site then you would need to follow the security popup instructions to make your site secure. The security popup should not show up on a production site if you have followed the instructions.
It is quite clear that the security popup tells you that your site will be vulnerable to hacking if the opencart installation admin is not renamed, that the installation directory is not deleted and the storage folder is not moved!
It was also reported that I later merged a fix that fixes the alleged hack:
If you haven't followed the security instructions then there's a lot more security issues like the storage directory being exposed.
The fact that this guy claims he worked on the vulnerability for a month yet still can not pull it off without the end user giving him access to the site shows that opencart is very secure or this guy is completely useless at his job.
I got called a narcissist but I'm not the one making up claims. 0xb120 is trying to craft a narrative that makes him look like a hero! Who's the narcissist ! I didn’t contact him!
What a clown!~
OpenCart is currently at 298,000 Live sites! We have dropped a bit from 450,000 but the whole market has since COVID and the war in Ukraine.
The register also makes claims about my competitors:
Woocommerce - I have spoken with woo commerce a while ago and it seems u are confusing woocommerce with wordpress. Wordpress has over 1 million sites but they are a blogging platform. Woocommerce has very low numbers.
Same with Squarespace.
Magento has 160,000 live sites which is half of OpenCart and they got bought for 1.6 billion.
Shoppify overtook OpenCart in Sept 2017 after getting billions in investment. They are also not open source and you can't access their code base!
P.S
Also If anyone is looking for a good story I know a very good one that involves child traffickers, judges and police. It will make your blood boil!
It will be a huge cause of accidents killing children based on what I’ve seen. Field of view seems more limited than on other SUVs and they all suck in that aspect.
And as well as killing everyone in the family van, it’ll snap every neck inside the tin bucket. With all the lights and right angles, its a struggle to make it look good, but wow, seeing it drive on the road, it just looks like a dusty lump of scrap.
technology
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.