If you are wondering if it’s because of incompetence or malice, it’s both.
WordPress powering the backend through a custom REST API. That’s pretty normal, as nearly 42% of all websites on the internet are powered by WordPress.
is this normal? of course WordPress is popular for websites, but why a REST API? most of this seems just like shoddy junior work. probably vibe coded by someone who thinks software engineering is obsolete
Actually, Wordpress is made for blogs and the plugin architecture (to do things like shopify) has heavy security issues. If you don’t make a very basic blog, use a different framework. And if you do, better look into static site generators.
Because their app is essentially a website. News, videos, photo galleries. WP REST API is useful for writing a front-end using a different language than PHP while keeping the very convenient admin interface that most content managers are familiar with.
And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site.
It also pings your location every four minutes. But man, a random github is gold. These morons have the full power of the United States at their fingertips, and they use it to… load JS from a random github while tracking you.
Can you imagine The United States Government getting hit with a JS supply chain attack due to sheer stupidity? What a time to be alive
It would be impossible to distinguish the malware from the apps intended function
Someone convincing enough could easily just tell them theres an attack. I have a feeling they wouldn’t have any idea how to check.
Bc they used AI to write it. Why random stuff is included in the app for no reason
That would make sense. Ugh
Nerd nit (sorry): if you want to abbreviate “JavaScript” please use “JS” because Java is a different thing. Sorry!
PS thanks for posting the quote
Extra nerd nit: If you want to abbreviate the postscript announcement, please use “p.s” because PostScript is a different thing!
p.s. thanks for pointing out the difference between Java and JavaScript
Nerd alert!
(I kidd, thank you for the correction)
Based on how open source currently is funded and it’s a random github source. I wonder if, hypothetically, could iran send the owner a dm offering say $500k and get complete access to the phones of everyone running this app. I could see this being default installed on company phones if you work for the white house or federal government.
Don’t make the github changes noticeable, keep the app working, but for example when it checks your location and sends that home imagine a slight change to also include complete browser history or list of installed apps.
One of trump’s yes men receives a message “do what I ask or I’ll publish that you have grindr installed, your account name, and all the people you swiped right on…” that could give them insane power over the US government.
Sure, why not. If people were as competent as the movies theyd have already owned the apps data.
Hey, it’s cheaper than a single missile…
Its honestly incredible how dumb these people are.
Hardcoded:
root_username: putin root_password: i_luv_russiaUsername would be Krasnov I think
krasnov only gets you basic access. For admin privileges you need to sign in with putin.
Is anyone surprised that one of the most if not the most incompetent and corrupt administrations in the history of the US is churning out shit that is corrupt and messed up?
This administration doesn’t live in reality so I am sure whoever was building that thing sure didn’t feel like anyone wants to hear about problems.
Have you ever noticed that 90% of all government-owned /designed apps are absolutely horrific nightmares?
Do you think government is promoting this gov.uk app and I look at it in exactly the same way I think of full strength everclear: absolute concern.
I am downvoting due to the clickbait title, and you should too!
Done! Downvoted you for downplaying the security nightmare that the pedo’s regime put out.
