this post was submitted on 09 Aug 2024
83 points (96.6% liked)

Technology

83411 readers
3080 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
83
512-bit RSA key in home energy system gives control of “virtual power plant” (arstechnica.com)
submitted 2 years ago by GreenEngineering3475@lemmy.world to c/technology@lemmy.world
25 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] GreenEngineering3475@lemmy.world 20 points 2 years ago* (last edited 2 years ago) (2 children)

From the article:

In an email, a GivEnergy representative reinforced Castellucci’s assessment, writing:

In this case, the problematic encryption approach was picked up via a 3rd party library many years ago, when we were a tiny startup company with only 2, fairly junior software developers & limited experience. Their assumption at the time was that because this encryption was available within the library, it was safe to use. This approach was passed through the intervening years and this part of the codebase was not changed significantly since implementation (so hadn't passed through the review of the more experienced team we now have in place).
[–] sugar_in_your_tea@sh.itjust.works 15 points 2 years ago (1 children)

So, it sounds like they don't have regular security audits, because that's something that would absolutely get flagged by any halfway competent sec team.

[–] WhatAmLemmy@lemmy.world 4 points 2 years ago

No need for audits. It's only critical infrastructure embedded into tens of thousands of homes, lol.

[–] Telorand@reddthat.com 10 points 2 years ago

Yet another reminder that trust should be earned.