
The City of Los Angeles paid $300,000 for a vulnerable earthquake alert app - OwnDistribution
http://iamprettydamn.cool/2019/la-earthquake-app/
======
OwnDistribution
Disclaimer: I wrote this post. The link uses Google Analytics, and if you
don't want that, you can use this[0] link instead.

This is the first writeup like this that I've done, so if you have any
feedback on the content/writing, lmk! You can comment here or DM me on
twitter, @asg_027

[0] [http://iamprettydamn.cool/2019/la-earthquake-app/?notrack=1](http://iamprettydamn.cool/2019/la-earthquake-app/?notrack=1)

------
WheelsAtLarge
I applaud the work done on the research to find the vulnerabilities. But
writing about it just to criticize the creators is a shitty reason to do it.
I've never known software that's perfect from the start. I hope the author has
contacted Colworx to help fix the problems.

The app has a needed function and should be supported rather than just
criticized.

~~~
gus_massa
If they really put the real password in a public repository, then it's not a
minor mistake. It's a huge error.

Perhaps the author could have contacted them to give them a few days before
the announcement, so they can delete[1] the data from the repository, but it's
nevertheless a huge error.

[1] You can't really delete anything from the internet, it's only a hide
button. They can try to change the password in the server anyway.

------
socaller
Awesome job, they should have hired you

