Saudi Arabia.
You murdered this man!
By the way, do you want to buy some more weapons?
The murder of Washington Post columnist Jamal Khashoggi, which is said to have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted. Khashoggi, a critic of the ruling Saudi Arabian royal family, was ambushed and assassinated in 2018 when he …
A bunch of old cunts are a bunch of old cunts. We all know who they are, so I'm not sure what your point is. Anyway, if you want to talk about the other kind, here's an article for you.
I can't help thinking that there is probably a bit more to the Khashoggi story than is being publicly discussed. The bit about collecting paperwork for his wedding doesn't sound quite true. I wonder if he was really expecting to collect some classified information from a source within the embassy. Or if he was on a mission for some intelligence agency.
...Well, he was a renowned journalist. I don't think him digging up juicy secrets about the government when he was outwardly critical of it is out of the question. I also don't think it's immediate slander to consider it.
And, were that really the case, wouldn't it make it even more serious with the political leader having him assassinated?
Not saying any of this is true mind you. Just taking the other position.
And there's no way to know whether the people he sentenced were the ones who actually did it, or that the person serving the sentence is the one named in the conviction/sentence.
Would be a convenient way of ridding himself of five innocent people, and no one would dare speak up lest they see the same fate!
Isn't a better question "who hasn't removed all the possible SQL injections from their legacy code bases?". And the answer to that would be "a great many organizations".
Modifying existing applications is expensive and dangerous. It's not easy to persuade an organization to commit to that based on a risk they have trouble assessing.
I'm not saying they shouldn't; IT security is part of my job, after all. I'm just pointing out that the economics make it difficult.
There's also the possibility of the attack vector being in a dependent library and not the main codebase. Yes, let's increase complexity by fixing all the bugs and security posture in all the libraries we ingress.
Would it be totally cool to do so? Absolutely. Is it financially and operationally viable? Hell no, not unless you're Google.
I tend to agree with you about the dependent library part.
Gab was only formed in 2016, so should have been built without the errors of the past, but as we all know, the general trend is re-use rather than innovate. I understand why: you're not spending resources re-writing what has already been written by others. However, with that, you need to fully test dependencies just like you test your own code. Like in many cases, that seems to not have happened.
#1 in the 2020 list is...
Injection flaws.
https://owasp.org/www-project-top-ten/
As a developer myself, I derive no pleasure in saying that developers are dropping the ball here. Unless of course in certain cases where a programmer is merely tasked with implementing according to the desired design of a higher authority, and has no say in the matter.