the website for swivro.net
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

164 lines
12 KiB

<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">
<link rel="shortcut icon" href="assets/images/new-project-2021-12-30t152959.784-128x128.png" type="image/x-icon">
<meta name="description" content="Swivro is an organization focused on online privacy, cybersecurity, and free speech.">
<title>Hydrogen Aerospace's Poor Security - Swivro</title>
<link rel="stylesheet" href="assets/font-awesome-solid/../css/fontawesome.min.css">
<link rel="stylesheet" href="assets/font-awesome-solid/css/solid.min.css">
<link rel="stylesheet" href="assets/web/assets/mobirise-icons2/mobirise2.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-grid.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-reboot.min.css">
<link rel="stylesheet" href="assets/dropdown/css/style.css">
<link rel="stylesheet" href="assets/socicon/css/styles.css">
<link rel="stylesheet" href="assets/theme/css/style.css">
<link href="assets/fonts/style.css" rel="stylesheet">
<link rel="preload" as="style" href="assets/mobirise/css/mbr-additional.css"><link rel="stylesheet" href="assets/mobirise/css/mbr-additional.css" type="text/css">
</head>
<body>
<section data-bs-version="5.1" class="menu menu2 cid-sT6IIMxHpA" once="menu" id="menu2-ly">
<!-- extra custom styling that applies to all pages -->
<style>
.badge {
font-family: 'Inter-Regular';
font-size: 12px;
}
.desc1 {
padding-top: 5px;
}
.fontdefault, .modal-content, ul {
font-family: Inter-Regular;
}
</style>
<!-- end custom styling - PS, hi! from Swivro! -->
<nav class="navbar navbar-dropdown navbar-fixed-top navbar-expand-lg">
<div class="container">
<div class="navbar-brand">
<span class="navbar-logo">
<a href="../">
<img src="assets/images/new-project-2021-12-30t152959.784-128x128.png" alt="" style="height: 3rem;">
</a>
</span>
<span class="navbar-caption-wrap"><a class="navbar-caption text-primary display-7" href="../">Swivro</a></span>
</div>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-bs-toggle="collapse" data-target="#navbarSupportedContent" data-bs-target="#navbarSupportedContent" aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation">
<div class="hamburger">
<span></span>
<span></span>
<span></span>
<span></span>
</div>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav nav-dropdown nav-right" data-app-modern-menu="true"><li class="nav-item"><a class="nav-link link text-black text-primary show display-4" href="decentrasearch.html" aria-expanded="false">Decentrasearch</a></li>
<li class="nav-item"><a class="nav-link link text-black text-primary display-4" href="privacy-checklist.html">Privacy Checklist</a>
</li><li class="nav-item"><a class="nav-link link text-black text-primary display-4" href="privacytools.html">Privacy Tools</a></li><li class="nav-item"><a class="nav-link link text-black text-primary display-4" href="donate.html">Donate</a></li></ul>
</div>
</div>
</nav>
</section>
<section data-bs-version="5.1" class="features11 cid-sSJDRhSBHy" id="features12-lh">
<div class="container">
<div class="maxwidth4 row align-items-center">
<div class="col-12 col-lg">
<div class="card-wrapper">
<div class="card-box">
<h4 class="card-title mbr-fonts-style mb-4 display-2">Hydrogen's bad security</h4>
</div>
</div>
</div>
</div>
</div>
</section>
<section data-bs-version="5.1" class="content5 cid-sMZAHOiEJU" id="content5-41">
<div class="container">
<div class="row justify-content-center">
<div class="col-md-12 col-lg-12">
<p class="mbr-text mbr-fonts-style display-7">Hydrogen Aerospace is a startup France-based aerospace company. We truly like their vision, but when it comes to cybersecurity, they quite literally aren't the one. We contacted Hydrogen on October 24th, 2021, regarding critical security issues on their website. It has taken them over 24 hours to fix one of many security issues, and we have yet to receive any formal response via email. The one simple issue they have fixed involved simply modifying a file on their server that hosts their website, which, as mentioned, took them over a ridiculous 24 hours. After we sent Hydrogen an encrypted email (with the list of security issues), we heard from them on Twitter, saying "They saw your email and will take corrective actions even if a lot of what you mentioned is already done". That last part is stupidly incorrect, as we proved that the security issues were still present. They then replied to our reply on Twitter (where we asked if we can expect a response), and the reply said "The team saw your email, but will not give you update about it for security reason". This is obvious straight bullsh*t. There should be no reason as to why we cannot receive a formal response from the company stating that they received my email, they understand the severity of these security issues, they are working on fixing them, and they appreciate our report &amp; good intentions. Essentially ignoring our email (we are to assume it has been ignored or is not taken seriously seeing that we have not received a response) with a list of critical security issues that need to be solved is extremely rude and unprofessional. If they really can't give us an update via email due to "security issue", then this indicates they have another security issue affecting their email system. Hydrogen Aerospace needs to do better, act more professional, and learn to communicate properly when it comes to critical security issues that need to be solved; because so far we have only heard back from them via an unsecure privacy-violating social media platform (Twitter) where we were provided with a vague and irrational response.<br><br><strong>October 29th, 2021 Update: </strong>It's been over 6 days now and a security flaw that we reported has still yet to be fixed, and can be fixed in literally less than 5 minutes. We had to respond to the Owner (of hydrogen-aero.com) on Twitter over 5 times aggressively asking for a simple formal response (to our email) stating that they received it and that they are working on fixing the issues. All we got is a pointless delayed response saying "Thank you". Please, for your own online safety, stay away from this website with poor security.<br><br><strong>October 31st, 2021 Update: </strong>It's stupidly ridiculous how this company can't fix a very simple yet dangerous security issue. We don't promote hacking, but go ahead and exploit this issue that they refuse to fix. They are missing a DMARC record on their domain hydrogen-aero.com, so go ahead and send a forged email to whoever you want originating from <em>hi@hydrogen-aero.com</em> containing a (fake) virus link. Their website is also <strong>extremely</strong>&nbsp;vulnerable to the most simple DDoS attacks (HTTP Flood Attacks). OVH provides transport-level DDoS Protection, but not application-level, we're not sure if they know this or not because their website has no web application firewall (we were able to access the website via various types of bots including fake search engine bots).&nbsp;Hopefully this will force them to fix this issue.</p>
</div>
</div>
</div>
</section>
<section data-bs-version="5.1" class="footer1 cid-sRwLth6yLL" once="footers" id="footer1-sOpMpnOYd4-sOR1GhUL5w-gx">
<div class="container">
<div class="row mbr-white">
<div class="col-12 col-md-6 col-lg-3">
<h5 class="mbr-section-subtitle mbr-fonts-style mb-2 display-7">
<strong>Main</strong></h5>
<ul class="list mbr-fonts-style display-4">
<li class="mbr-text item-wrap"><a href="../" class="text-white">Homepage</a></li><li class="mbr-text item-wrap"><a href="service-provider-alternatives.html" class="text-white" style="font-size: 1rem;">Service Provider Endorsements</a><br></li><li class="mbr-text item-wrap"><a href="software-alternatives.html" class="text-white text-primary">Software Endorsements</a></li><li class="mbr-text item-wrap"><a href="https://privacynow.eu.org" class="text-white text-primary" target="_blank">PrivacyNow Blog</a></li>
</ul>
</div>
<div class="col-12 col-md-6 col-lg-3">
<h5 class="mbr-section-subtitle mbr-fonts-style mb-2 display-7">
<strong>Legal</strong></h5>
<ul class="list mbr-fonts-style display-4">
<li class="mbr-text item-wrap"><a href="https://privacy-policy.swivro.net/" class="text-white" target="_blank">Privacy Policy</a></li><li class="mbr-text item-wrap"><a href="mailto:6j8lizy3@anonaddy.me" class="text-white">Report Misinformation</a></li><li class="mbr-text item-wrap"><a href="mailto:6j8lizy3@anonaddy.me" class="text-white">Contact Us</a></li><li class="mbr-text item-wrap"><a href="are-you-a-karen.html" class="text-white">Are you a Karen?</a></li>
</ul>
</div>
<div class="col-12 col-md-6 col-lg-3">
<h5 class="mbr-section-subtitle mbr-fonts-style mb-2 display-7"><strong>More</strong></h5>
<ul class="list mbr-fonts-style display-4">
<li class="mbr-text item-wrap"><a href="changelog.html" class="text-white">Swivro Changelog</a></li><li class="mbr-text item-wrap"><a href="about.html" class="text-white">About Swivro</a></li><li class="mbr-text item-wrap"><a href="donate.html" class="text-white">Donate to us</a></li>
</ul>
</div>
<div class="col-12 col-md-6 col-lg-3">
<h5 class="mbr-section-subtitle mbr-fonts-style mb-2 display-7">
<strong>About</strong>
</h5>
<p class="mbr-text mbr-fonts-style mb-4 display-4">Swivro is an organization focused on free speech, transparency, cybersecurity, and online privacy. We do our best to help you restore &amp; retain your online privacy.<br></p>
</div>
<div class="col-12 mt-4">
<p class="mbr-text mb-0 mbr-fonts-style copyright align-center display-7"><strong><a href="https://webdock.io/en" class="text-white"><b>Hosted by Webdock.io</b></a><br></strong>© Copyright 2022 Swivro - All Rights Reserved<br>
</p>
</div>
</div>
</div>
</section>
<script src="assets/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="assets/smoothscroll/smooth-scroll.js"></script>
<script src="assets/ytplayer/index.js"></script>
<script src="assets/dropdown/js/navbar-dropdown.js"></script>
<script src="assets/theme/js/script.js"></script>
<script src="//instant.page/5.1.0" type="module" integrity="sha384-by67kQnR+pyfy8yWP4kPO12fHKRLHZPfEsiSXR8u2IKcTdxD805MGUXBzVPnkLHw"></script>
</body>
</html>