Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security

Nissan Source Code Leaked Online After Git Repo Misconfiguration (zdnet.com) 50

Posted by msmash from the security-woes dept.
The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers. ZDNet reports: The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin, Tillie Kottmann, a Swiss-based software engineer, told ZDNet in an interview this week. Kottmann, who learned of the leak from an anonymous source and analyzed the Nissan data on Monday, said the Git repository contained the source code of: Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems / Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale / market research tools + data, various marketing tools, the vehicle logistics portal, vehicle connected services / Nissan connect things, and various other backends and internal tools.
This discussion has been archived. No new comments can be posted.

Nissan Source Code Leaked Online After Git Repo Misconfiguration More

Nissan Source Code Leaked Online After Git Repo Misconfiguration

Comments Filter:

  • wow just wow both CE and EE have ldap and sso (Score:3)

    by Joe_Dragon ( 2206452 ) on Wednesday January 06, 2021 @06:11PM (#60904356)

    wow just wow both CE and EE have ldap and sso settings and it's easy to change that default admin password (also sso and ldap config is in the config files)

  • Everything but the cad files then. Great work!

  • So what should be open source... (Score:3)

    by BAReFO0t ( 6240524 ) on Wednesday January 06, 2021 @06:51PM (#60904438)

    So code that the owner of the owner of the car should have access to before during and after he owned the car.

    You expect me to trust a two ton hunk of metal where you don't want to tell me what it's really doing? Wjy would you not want to tell me, unless you think I won't like it? Are you evil or insane? (Usually: Same thing.)

    • half the problem is why are you driving a 2T vehilce in the first place. Do you always carry a bag of cement around the house as well ?

      • half the problem is why are you driving a 2T vehilce in the first place. Do you always carry a bag of cement around the house as well ?

        Full-sized cars are now re-approaching 2T (median weight of sedans is 3,351 lb.) and even compacts are close if they are AWD and/or hybrid, let alone full EV — a model S weighs 4,883 to 4,941 lbs. An audi turd weighs 5,699 lbs! The increase of weight in non-EVs is due mostly to an increase in content (everything from more airbags to more asphalt sound deadener) and also partly to improved impact standards which generally require more metal to be added to the unibody. The average new vehicle in the US

        • None of your reply actually refuted my statement about oversized cars.

          • I explained why cars are heavier now. If you find that confusing, maybe slashdot is not for you.

            • Yes you did tell me that americans like bigger cars, and im making the point in reply that bigger trucks and cars are unnecessary and stupid.

              • What you are ignoring is that cars have gotten heavier all over the world.

                We do a lot of driving in the USA, why would we want to cram ourselves into tiny soup cans?

                • Most Americans do not need a pickup , for most the pickup on the back are empty basically all the time. Most people do not need a SUV/4WD, for starters they only drive on paved roads and not thru the countryside and mud. Most america may drive a lot but the problem is they do not need to, they could do quite well skipping that driving. You dont need to drive to buy a coffee, you dont need to goto the shops to buy bottled water. Most american cars are crap, eg Ford pickup trucks and are equivalent of carry

                  • Most Americans do not need a pickup

                    Yes, I've ranted about the same myself*. So? We're talking about how cars have gotten heavier. That's irrelevant.

                    Most people do not need a SUV/4WD

                    First, you're conflating two different things. Second, most of our vehicles are not 4WD, they are AWD. Only the pickups are usually 4WD, and even most of those aren't! Of the cars which are 4WD, most of them are just AWD vehicles plus a locking center diff. Third, [modern unibody] SUVs and CUVs are safer for the occupants in a collision, so it's easy to see why they would opt for them. They also

                    • >> Most people do not need a SUV/4WD > First, you're conflating two different things. Second, most of our vehicles are not 4WD, they are AWD. Who cares, does it really matter for the purposes of our discussion ? >> You dont need to drive to buy a coffee, you dont need to goto the shops to buy bottled water. > Most of us don't just drive out to buy a coffee, get it, and come home. Lots of us pick up a coffee on our way to somewhere else. HOW TERRIBLE!1!!1!! I never said most, again you
                    • > Most of us don't just drive out to buy a coffee, get it, and come home. Lots of us pick up a coffee on our way to somewhere else. HOW TERRIBLE!1!!1!! You dont get it, you are wasting your life sitting traffic, running to pick up and this and that. Not only are you wasting your life, you are causing pollution.

                    • Jesus, now I have to not only deal with your lack of logic, but also your lack of paragraph breaks? Fuck that.

                    • Most of us don't just drive out to buy a coffee, get it, and come home. Lots of us pick up a coffee on our way to somewhere else. HOW TERRIBLE!1!!1!!

                      You dont get it, you are wasting your life sitting traffic, running to pick up and this and that. Not only are you wasting your life, you are causing pollution.

                      I don't get what your comment has to do with anything. Is it about promoting public transport, or what? It looked like you started to make a point, and then just failed to go anywhere with it.

                    • Maybe you can try actually addressing my replies instead of your childish personal observations.

                    • Most of us don't just drive out to buy a coffee, get it, and come home. Lots of us pick up a coffee on our way to somewhere else. HOW TERRIBLE!1!!1!!

                      You dont get it, you are wasting your life sitting traffic, running to pick up and this and that. Not only are you wasting your life, you are causing pollution.

                      I don't get what your comment has to do with anything. Is it about promoting public transport, or what? It looked like you started to make a point, and then just failed to go anywhere with it.

                      You completely missed the point - you cant see the futility and pointless of WASTING all that time running around driving/commuting/ just to consume something completely unnecessary. Just think how many hours people waste every week on travelling to buy a coffee or smokes or fast food or similar nonsense. Empty people, with nothing to do.

    • A related essay I wrote 20 years ago "On Funding Digital Public Works", with a section on free and open source automotive software: https://pdfernhout.net/on-fund... [pdfernhout.net]

      From that section: "what have funding policies in automotive intelligence wrought?"

      Consider again the self-driving cars mentioned earlier which now cruise some streets in small numbers. The software "intelligence" doing the driving was primarily developed by public money given to universities, which generally own the copyrights and patents as th

  • Good. (Score:3)

    by couchslug ( 175151 ) on Wednesday January 06, 2021 @07:01PM (#60904476)

    Modders may find something useful.

  • Fix? (Score:3)

    by whoever57 ( 658626 ) on Wednesday January 06, 2021 @07:02PM (#60904478) Journal

    Perhaps some enterprising Open Source developer can fix the unreliable mess that the Nissan apps are.

    The Nissan app is (or used to be) called "Mobile App". Seriously, who does that? Aren't all the apps mobile?

  • Software and default credentials (Score:3, Interesting)

    by therealprologic ( 2118298 ) on Wednesday January 06, 2021 @07:06PM (#60904496) Homepage
    I'm of the opinion we should stop writing software that ships with default credentials. Randomly generate a password for the "admin" account and print that to the console on startup. The number of times we see this type of leak/hack in the industry is ridiculous.

  • A freshman Computer Science student could code everything a Nissan does and more. Nissan vehicles lack active accident avoidance or any advanced things like that.

    • The code in my 2015 Leaf is basically abandonware.

      It'll drive, but that's about all. The supposedly fancy UI cannot talk to the cell network any more. The map is 6 years out of date. The thing bongs about unavailable data whenever you turn it on. It's a nice car to drive, being electric and all, but it would be a whole lot nicer if we could mess with the code and make it be as it should be.

      The CEO may have been fitted up, but karma is a bitch.

    • Re: (Score:2)

      by b0bby ( 201198 )

      Modders want it. And my Leaf has ProPilot, which actually works fairly well as a "does most of the driving on a highway until it doesn't" adaptive cruise control with lane keeping system. It seems to be as good as most of the other similar systems out there right now, not up to Tesa FSD or GM Super Cruise though.

  • srsly wtf

  • Who exactly was paying a swiss developer to snoop around the american nissan systems ?

  • I'd imaging a lot of positions will be opening at Nissan soon.

Slashdot Top Deals

Any circuit design must contain at least one part which is obsolete, two parts which are unobtainable, and three parts which are still under development.

Close