CEO of Rookout. Has led data-driven businesses, products and R&D teams over the last two decades, from startups to government organizations.
Cloud. Microservices. Containers. Serverless.
These are buzzwords everyone in the software industry has become familiar with. That’s not even getting into the world of “machine learning” and “AIOps” (artificial intelligence operations). While it’s true that many cutting-edge companies, particularly in the tech industry, are embracing and adopting modern software architectures and methodologies, the fact is that the large majority of companies are running legacy applications responsible for millions, if not billions, of dollars in revenue.
The pandemic has shown just how much we rely on these aging legacy IT systems. According to a recent report from AppDynamics, 66% of IT professionals say that “the pandemic has exposed weaknesses in their digital strategy, driving an urgent need to push through initiatives which were once a part of multiyear digital transformation programs.” While we can hope this time will be a forcing function for many businesses to reflect and modernize, history shows that change is hard and that if things return to normal, so will old processes.
Governments, banks, airlines — nearly every major industry is dealing with old IT, hardware and legacy code that makes moving fast impossible, resolving issues difficult and troubleshooting applications expensive. These old systems are more prone to have bugs, cause outages, and waste software engineering time.
One of the major reasons many of these organizations are slow to modernize is that they don’t want to jeopardize the stability of their core applications. If you ask their engineers, many of them wish they could snap their fingers and make them cloud-native, but the fact is that migrating to new technologies is cumbersome and often messy. While legacy code is a pain, it’s often responsible
A Grindr vulnerability allowed anyone who knew a user’s email address to easily reset their password and hijack their account. All a bad actor needed to do was type the user’s email address into the password reset page and then open the browser’s dev tools to read the reset token. By appending that token to the password reset URL, they wouldn’t even need access to the victim’s inbox — that’s the exact link sent to the user’s email anyway. It loads the page where they can enter a new password, ultimately giving them a way to take over the victim’s account.
A French security researcher named Wassime Bouimadaghene discovered the flaw and tried to report it to the dating service. When support closed his ticket and he didn’t hear back, he asked for help from security expert Troy Hunt, who worked with another security expert, Scott Helme, to set up a test account and confirm that the vulnerability did exist. Hunt, who called the issue “one of the most basic account takeover techniques” he’s ever seen, managed to get in touch with Grindr’s security team directly by posting a call for their contact details on Twitter.
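The defect described above is a design error in the first step of a password-reset flow: the server generates the token correctly but then returns it to the browser that submitted the form, so the HTTP response carries the same secret the email was supposed to deliver. The following Python sketch is an added example, not Grindr’s code, and shows the leaking handler next to a hardened one. The `User`, `Mailer` and `ResetStore` classes, the `reset_password` URL, the 15-minute validity window and the sample address are all assumptions made for the illustration.

```python
"""Password reset: a token-leaking handler beside a hardened one.

Added example, not Grindr's code. Request/response shapes, the classes
below, the URL and the TTL are assumptions for the illustration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

RESET_TTL_SECONDS = 15 * 60   # assumption: a 15-minute validity window
RESET_URL = "https://app.example.invalid/reset_password"  # placeholder URL


@dataclass
class User:
    email: str
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    password_hash: bytes = b""


@dataclass
class Mailer:
    """Stand-in for an email service: records what would have been sent."""
    outbox: list = field(default_factory=list)

    def send(self, to, link):
        self.outbox.append((to, link))


class ResetStore:
    """Server-side store keyed by SHA-256(token) with an expiry, so a copy of
    the table does not yield usable tokens and each token works only once."""

    def __init__(self):
        self._entries = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def put(self, token, email, now):
        self._entries[self._key(token)] = (email, now + RESET_TTL_SECONDS)

    def consume(self, token, now):
        """Return the bound email if the token is valid and unexpired and
        invalidate it; otherwise return None."""
        entry = self._entries.pop(self._key(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        return email if now <= expires_at else None


def _issue_token(store, mailer, email, now):
    token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    store.put(token, email, now)
    mailer.send(email, f"{RESET_URL}?token={token}")
    return token


def leaky_request_reset(users, store, mailer, email, now=None):
    """The anti-pattern the article describes: the token is generated
    server-side and emailed, but it is also echoed in the HTTP response, so
    whoever submitted the form can read it in the browser's developer tools
    without touching the inbox. The 404 branch additionally reveals which
    addresses are registered."""
    now = time.time() if now is None else now
    if email not in users:
        return {"status": 404, "body": {"error": "unknown user"}}
    token = _issue_token(store, mailer, email, now)
    return {"status": 200, "body": {"token": token}}


def hardened_request_reset(users, store, mailer, email, now=None):
    """The token leaves the server only through the email channel, and the
    response is identical whether or not the address is registered."""
    now = time.time() if now is None else now
    if email in users:
        _issue_token(store, mailer, email, now)
    return {"status": 200,
            "body": {"message": "If that address is registered, a reset link has been sent."}}


def _kdf(password, salt):
    # Standard-library PBKDF2; argon2 or bcrypt would be the usual production choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def complete_reset(users, store, token, new_password, now=None):
    """Second step: exchange a valid, single-use token for a password change."""
    now = time.time() if now is None else now
    email = store.consume(token, now)
    if email is None:
        return False
    user = users[email]
    user.password_hash = _kdf(new_password, user.salt)
    return True


def verify_password(user, password):
    return bool(user.password_hash) and hmac.compare_digest(
        user.password_hash, _kdf(password, user.salt))


if __name__ == "__main__":
    users = {"alice@example.invalid": User("alice@example.invalid")}  # constructed sample
    for handler in (leaky_request_reset, hardened_request_reset):
        resp = handler(users, ResetStore(), Mailer(), "alice@example.invalid")
        print(handler.__name__, "exposes token in response:", "token" in resp["body"])
```

The detection hook for defenders is the response body: a reset endpoint whose JSON includes anything derived from the emailed link is the leak, regardless of how strong the token is. The hardened path also gives the same 200 response for unknown addresses, binds each token to one account, hashes it at rest, expires it, and invalidates it on first use.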
While Grindr quickly fixed the issue after hearing from Hunt, the incident underscored the platform’s shortcomings when it comes to security. And that’s a huge problem when the dating app caters to individuals whose sexual orientations and identities could make them a target for harassment and violence. This isn’t the first security issue Grindr has had to deal with. Back