Comments

ThemePro August 25, 2025 8:07 AM

Why cite a paywalled Wired puff piece instead of KrebsOnSecurity? Krebs actually did the work and correctly pointed the finger at Paradox, not customers like McD’s. Wired’s framing was misleading clickbait.

Anonymous August 25, 2025 9:27 AM

@ThemePro

Andy Greenberg’s piece is from July 9, 2025. Sorry you can’t see the article. Paradox.ai jumps on it somewhere around paragraph 5.

Krebs’ article with additional detail is July 17, 2025.

wiredog August 25, 2025 10:32 AM

They should use a passphrase. Something like:
two all beef patties special sauce lettuce cheese pickles onions on a sesame seed bun

jelo 117 August 25, 2025 12:07 PM

As von Neumann said, “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

Have your pseudorandom number, just make sure it isn’t in the range of some low complexity function (where the function domain is included when measuring complexity).

lurker August 25, 2025 2:27 PM

“It had not been logged into since 2019 and frankly, should have been decommissioned. …” [via Krebs]

“When will they ever learn … ” [via Pete Seeger]

Andrew August 25, 2025 3:00 PM

A 3rd party developer’s test account on a 3rd party app … I believe the post should be calling out Paradox for hosting an app they developed with the mentioned highly privileged test account left active.

Dave August 29, 2025 9:28 AM

Surely McDonald’s should have commissioned their own pen test on any software they purchased?

