2.5 Admins

2.5 Admins 263: Seagate RAID

Sep 4, 2025
Discover the vulnerabilities lurking in McDonald's IT systems, including alarming coding errors and hardcoded API keys. Uncover the shocking global scheme where counterfeit Seagate drives were sold as new, intertwined with organized crime. Hear about a developer's drastic actions post-firing, and a woman's role in North Korean cyber infiltration. Lastly, tackle the intricacies of setting up ZFS without traditional operating systems, and navigate the challenges of managing Snaps on Ubuntu for enhanced stability.
ANECDOTE

Reporter Finds Major Client-Side Flaws

  • Bob DeHacker walked through client-side validation flaws to exploit McDonald's ordering and rewards systems.
  • He struggled to get anyone at McDonald's to respond despite demonstrating real risks.
INSIGHT

Client-Side Logic Undermines Security

  • Embedding API keys and relying on client-side checks exposes privileged actions to anyone with the app.
  • Making security decisions on the client is fundamentally insecure and invites abuse.
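To make the point concrete, here is an added example (not code from the episode, the podcast, or any real ordering system) contrasting a handler that trusts a client-computed order total and reward claim with one that recomputes everything from server-side state. The catalog, reward ledger, prices, and request shape are all constructed for illustration.

```javascript
// Constructed server-side state: prices in cents and a reward ledger.
const CATALOG = { burger: 499, fries: 249 };
const REWARDS = { FREEFRIES: { item: "fries", usesLeft: 1 } };

// Insecure pattern: the server accepts whatever total the client app sent.
// Anyone who controls the app (or its traffic) controls what gets charged.
function chargeTrustingClient(req) {
  return { ok: true, charged: req.clientTotal };
}

// Hardened pattern: every security-relevant value is derived on the server.
// The ledger is passed in so reward consumption can be tracked across calls.
function chargeServerValidated(req, ledger = JSON.parse(JSON.stringify(REWARDS))) {
  let total = 0;
  for (const [item, qty] of Object.entries(req.items || {})) {
    if (!(item in CATALOG) || !Number.isInteger(qty) || qty <= 0) {
      return { ok: false, reason: `invalid line item: ${item}` };
    }
    total += CATALOG[item] * qty;
  }
  if (req.rewardCode !== undefined) {
    const reward = ledger[req.rewardCode];
    // Reward must exist, still have uses, and apply to an item in this order.
    if (!reward || reward.usesLeft < 1 || !(reward.item in (req.items || {}))) {
      return { ok: false, reason: "reward not valid for this order" };
    }
    reward.usesLeft -= 1;           // consumed server-side, not by the client
    total -= CATALOG[reward.item];  // discount exactly one unit of that item
  }
  return { ok: true, charged: total }; // req.clientTotal is never consulted
}

// Constructed request in which the client-side total was tampered to zero.
const tampered = {
  items: { burger: 2, fries: 1 },
  rewardCode: "FREEFRIES",
  clientTotal: 0,
};
```

Run against `tampered`, the trusting handler charges 0 cents while the validated handler charges 998 cents and refuses a second use of the same reward code.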
ADVICE

Make Reporting Channels Easy To Find

  • Publish an easy-to-find security.txt and run a bug bounty program if you accept money in your app.
  • Make reporting channels reachable so external researchers can disclose vulnerabilities responsibly.