this post was submitted on 09 Aug 2024
89 points (96.8% liked)

Technology

59174 readers
2689 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
89
512-bit RSA key in home energy system gives control of “virtual power plant” (arstechnica.com)
submitted 3 months ago by [email protected] to c/[email protected]
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 3 months ago* (last edited 3 months ago) (2 children)

From the article:

In an email, a GivEnergy representative reinforced Castellucci’s assessment, writing:

In this case, the problematic encryption approach was picked up via a 3rd party library many years ago, when we were a tiny startup company with only 2, fairly junior software developers & limited experience. Their assumption at the time was that because this encryption was available within the library, it was safe to use. This approach was passed through the intervening years and this part of the codebase was not changed significantly since implementation (so hadn't passed through the review of the more experienced team we now have in place).
[–] [email protected] 15 points 3 months ago (1 children)

So, it sounds like they don't have regular security audits, because that's something that would absolutely get flagged by any halfway competent sec team.

[–] [email protected] 4 points 3 months ago

No need for audits. It's only critical infrastructure embedded into tens of thousands of homes, lol.

[–] [email protected] 10 points 3 months ago

Yet another reminder that trust should be earned.