Is this kind of attack something I should report to the main developer?

Vending machines at my workplace were recently changed, and the new ones support a hybrid NFC/BT system to pay through a dedicated application.

Looking online, I found some articles about this app being cracked and how it was done. Being several months later, I expected some new security measure to have been added, so I decided to have a try and see if I could bypass them and repeat the process.

The original crack consisted of manually changing the data stored locally in a DB with a weak password, but since I don’t have a rooted phone and I have found traces of HTTPS requests being performed with consistency checks on the credit, I decided to go another way.

Assuming vending machines do not connect online, I changed all the references to the remote REST endpoint (plain string constants) to a server of my own, and I have successfully been able to log in (or at least, make the app believe I logged in).

Now, assuming I fill the gaps and will be able to successfully buy stuff, is all this worth sharing with the developer, to have them take further security measures? Is there something serious they could do that would not require completely changing the infrastructure?


I work with a company and another developer posted this and wanted us all to run it. I’m a noob with things like this.

I don’t really trust the guy and I’m trying to take my time to learn everything about it, but what do you guys think?

generate_ssl.sh

```bash
#!/bin/bash

name=ourwebdomain.local
openssl req \
  -new \
  -newkey rsa:2048 \
  -sha256 \
  -days 3650 \
  -nodes \
  -x509 \
  -keyout ${name}.key \
  -out ${name}.crt \
  -config <(cat <<-EOF
  [req]
  distinguished_name = req_distinguished_name
  x509_extensions = v3_req
  prompt = no
  [req_distinguished_name]
  CN = ${name}
  [v3_req]
  keyUsage = keyEncipherment, dataEncipherment
  extendedKeyUsage = serverAuth
  subjectAltName = @alt_names
  [alt_names]
  DNS.1 = ${name}
  DNS.2 = *.${name}
EOF
)

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ourwebsitdomain.local.crt
```

This was accompanied by two other files, so here

```
file ./*
generate_ssl:          ASCII text
ourdomain.local.crt: PEM certificate
ourdomain.local.key: ASCII text
```

I’m not that worried, I’m more curious. Oh, then he added this file to our GitHub repo a bit ago; he’s just been acting very weird recently and I’d like to understand what he’s doing.

```
mynaems-MacBook-Pro% file dump.rdb
dump.rdb: data
myname-MacBook-Pro% ls -lh | grep rdb
-rwxr--r-- 1 myname staff 92B Aug 29 22:44 dump.rdb
```
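
What running the script above means for a machine depends on the certificate and key shipped with it. This added example (not part of the original post) reports the properties worth reading before a shared certificate is added as a trusted root. `make_sample` builds a constructed pair from the question's own openssl settings; the function names, the `example.test` host name and the 825-day threshold (Apple's limit for TLS server certificates) are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks on a certificate/key pair handed out with a
# "trust this certificate" script. All names here are constructed.

make_sample() {  # $1 = output dir, $2 = hostname; mirrors the question's settings
  cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = $2
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $2
DNS.2 = *.$2
EOF
  openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 \
    -keyout "$1/$2.key" -out "$1/$2.crt" -config "$1/req.cnf" 2>/dev/null
}

audit_pair() {  # $1 = certificate, $2 = private key; prints key=value findings
  text=$(openssl x509 -in "$1" -noout -text)
  # Self-issued: subject and issuer names hash to the same value.
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] && r=yes || r=no
  echo "self_issued=$r"
  # Host names the certificate can vouch for once it is trusted.
  echo "san=$(printf '%s\n' "$text" | grep -o 'DNS:[^,]*' | tr '\n' ' ')"
  printf '%s\n' "$text" | grep -q 'DNS:\*\.' && r=yes || r=no
  echo "wildcard=$r"
  # -checkend exits 0 when the certificate is still valid N seconds from now.
  openssl x509 -in "$1" -noout -checkend $((825 * 86400)) >/dev/null && r=yes || r=no
  echo "valid_beyond_825_days=$r"
  # Whoever holds a matching, unprotected key can serve TLS as those names.
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)" ] && r=yes || r=no
  echo "key_matches_cert=$r"
  grep -q 'ENCRYPTED' "$2" && r=yes || r=no
  echo "key_passphrase_protected=$r"
}

# Demo on a constructed pair (example.test is a placeholder host name).
dir=$(mktemp -d) && make_sample "$dir" example.test &&
  audit_pair "$dir/example.test.crt" "$dir/example.test.key"
rm -rf "$dir"
```

A pair that reports `key_matches_cert=yes` and `key_passphrase_protected=no` means everyone who received the files holds the key for a certificate the keychain will accept for those host names.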


WordPress Developer

I’m a WordPress developer with more than 10 years’ experience.

Here's our portfolio on https://wphobby.com

Themes:

https://wordpress.org/themes/hasium/

Plugins:

https://wordpress.org/plugins/wphobby-woocommerce-product-filter/

https://wordpress.org/plugins/wphobby-woocommerce-mini-cart/

Other works links:

https://themeforest.net/user/wphobby
https://codecanyon.net/user/wphobby

My Skype darell1986…


Looking for a Web Developer to outsource WordPress projects to

Hi Everyone

I'm looking for someone to outsource WordPress development projects to. This wouldn't be just one site … it would be ongoing. I'm based in Australia and am a Web Developer myself but have decided to hang up my Web Developer hands and just project manage from here on in.

The person (or persons) need to have a high level of experience (I don't have the time or desire to train anyone) and have a very good understanding of the written English language.

Please provide samples…




What ideas should be mastered to go from a junior to a middle skilled iOS developer? [on hold]

I taught myself how to develop iPhone apps and have been doing so for 5 years. My skill level (junior) is described here: https://github.com/BohdanOrlov/ios-skills-matrix

What ideas must I master to become a middle level developer? What resources would you recommend? Particular books to dive into would be very appreciated!

I’ve learned to code following this line of thinking: “if it works, it works.”

With this, I’ve built several apps from idea to production (some gaining 100k+ users) but as you can imagine, my code is messy.. or at least I think it is. I’ve worked on web apps (php, javascript) and iOS apps (objective-c and swift). Moreover, when I interview for iOS dev jobs, I feel a bad case of imposter syndrome. While juniors who’ve never shipped code that is used by people land jobs, I don’t pass any interviews.

I want to cross the junior to middle skill matrix. What must I learn to do so? Ideas I know I am no expert in so far are: architecture, testing and documentation. What else?