• by toddmorey on 7/30/2025, 7:02:23 PM

    "The vulnerability we discovered was remarkably simple to exploit - by providing only a non-secret app_id value to undocumented registration and email verification endpoints." So you could sign yourself up as editor / collaborator on any app once you knew the app's ID.

    Jeez, that's sloppy. My colleague in 2000 discovered you could browse any account on his bank's website by just changing the (sequential!) account IDs in the URL. In a lot of ways we've made great strides in security over the last 25 years... and in many ways, we haven't.
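Added example (not from the thread, and not Base44's or Wiz's code): a toy in-memory service contrasting the pattern the quoted finding describes, registration gated only by a non-secret app_id, with registration gated by a single-use, owner-issued invite, plus the sequential-account-ID lookup from the bank anecdote beside a version with an ownership check. Every name, endpoint, id and secret here is hypothetical.

```python
import hashlib
import hmac
import secrets


def new_store():
    # Constructed sample data (hypothetical, not Base44's data model):
    # one app owned by owner@example.com with no collaborators yet.
    return {
        "apps": {"app_123": {"owner": "owner@example.com", "collaborators": set()}},
        "used_invites": set(),
    }


def register_weak(store, app_id, email):
    """The pattern in the quoted finding: the endpoint only checks that
    app_id exists. app_id is not a secret, so anyone who knows it can add
    any email as a collaborator."""
    app = store["apps"].get(app_id)
    if app is None:
        raise KeyError("unknown app")
    app["collaborators"].add(email)
    return True


def _invite_tag(secret, app_id, email, nonce):
    msg = f"{app_id}|{email}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_invite(secret, app_id, email):
    """Owner side: mint a single-use invite bound to (app_id, email).
    The nonce and tag are both handed to the invitee."""
    nonce = secrets.token_hex(16)
    return nonce, _invite_tag(secret, app_id, email, nonce)


def register_hardened(store, secret, app_id, email, nonce, tag):
    """Registration needs proof the owner invited this exact email:
    a valid HMAC over (app_id, email, nonce) and an unspent nonce."""
    app = store["apps"].get(app_id)
    if app is None:
        raise KeyError("unknown app")
    if not hmac.compare_digest(_invite_tag(secret, app_id, email, nonce), tag):
        raise PermissionError("invalid or missing invite")
    if (app_id, nonce) in store["used_invites"]:
        raise PermissionError("invite already used")
    store["used_invites"].add((app_id, nonce))
    app["collaborators"].add(email)
    return True


def get_account_weak(accounts, account_id):
    """The 2000-era bank pattern: the id in the URL is the only input."""
    return accounts[account_id]


def get_account_checked(accounts, requester, account_id):
    """Ownership check; the same error for 'missing' and 'not yours' so
    the response does not reveal which ids exist."""
    acct = accounts.get(account_id)
    if acct is None or acct["owner"] != requester:
        raise PermissionError("not found")
    return acct


def demo():
    """Exercise both patterns on the constructed data; returns outcomes."""
    secret = b"constructed-server-side-secret"
    weak, hard, out = new_store(), new_store(), {}
    out["weak_stranger_joins"] = register_weak(weak, "app_123", "stranger@example.com")
    nonce, tag = issue_invite(secret, "app_123", "alice@example.com")
    out["hard_invited_joins"] = register_hardened(
        hard, secret, "app_123", "alice@example.com", nonce, tag)
    attempts = {
        "hard_replay": ("alice@example.com", nonce, tag),
        "hard_wrong_email": ("stranger@example.com", nonce, tag),
        "hard_no_invite": ("stranger@example.com", "", ""),
    }
    for label, args in attempts.items():
        try:
            register_hardened(hard, secret, "app_123", *args)
            out[label] = "accepted"
        except PermissionError as err:
            out[label] = str(err)
    accounts = {"1001": {"owner": "bob"}, "1002": {"owner": "carol"}}
    out["idor_weak"] = get_account_weak(accounts, "1002")["owner"]
    try:
        get_account_checked(accounts, "bob", "1002")
        out["idor_checked"] = "accepted"
    except PermissionError as err:
        out["idor_checked"] = str(err)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The invite is bound to the email as well as the app, so a captured invite cannot be redeemed for a different address, and the spent-nonce set stops replay; in a real service that set lives in the database alongside an expiry.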

  • by zamalek on 7/30/2025, 5:09:28 PM

    Hot on the wheels on the vibe-coded Tea breach. Things are looking great for vibe coding.

    Don't get me wrong, I have been more hands off (though not completely, and very prescriptive) with an SPA side project and it's going great. Claude makes way better looking UIs than my dog ugly developer UIs. But vibing auth? That should seriously count as _legal_ gross negligence.

  • by steveBK123 on 7/30/2025, 4:33:34 PM

    I only know Base44 from the bombardment of YouTube ads for them I receive. Glad to hear it's going well.

  • by bgwalter on 7/31/2025, 7:49:07 AM

    Fun facts: All of Wix, Wiz, base44 were founded by ex-Unit 8200 members. Wix was used by the NSO group to create fake websites for targeting critics:

    https://www.ynetnews.com/articles/0,7340,L-5461537,00.html

  • by galnagli on 7/30/2025, 9:00:58 PM

    Happy to answer questions : )

  • by zahlman on 7/31/2025, 1:09:55 AM

    > Platforms like Loveable, Bolt, and Base44
    > Wiz Research has been looking into the security posture
    > (recently acquired by Wix following an amazingly rapid rise)

    Anyone else find all these names really surreal?

    (Yeah, Google is kind of a dumb name too, but at least there's a cute story behind it.)

    (Okay, I knew Wix had been around for quite some time, but I didn't expect it to be almost as old as YouTube....)

  • by j45 on 7/30/2025, 5:13:37 PM

    It was only a few months old, how can technical debt and discoveries not be expected?

    Wix was probably acquiring a growing userbase.

  • by darepublic on 7/30/2025, 11:48:04 PM

    These platforms feel like their authors just stick a big bow (uniquely branded ofc) on top of llms. I don't want to undervalue the importance of good glue code.. but that's all I see here. Doesn't deserve the glossy sheen or accolades imo.

  • by sandeepkd on 7/31/2025, 6:18:37 AM

    I might go to the extent of saying that this is a classical example of security by obscurity, and for good or bad reasons, a lot of applications would fall into this category, one way or another.

  • by swyx on 7/30/2025, 6:40:46 PM

    soo Wiz found a vuln in Wix?

    this is Israeli on Israeli violence

  • by oc1 on 7/31/2025, 7:07:59 AM

    This will be the golden age of hackers for lulz or money, security researchers and script kiddies (fka idea guys)

  • by jus3sixty on 7/30/2025, 11:29:21 PM

    Every single day someone dies a wrongful death, a plane crashes, a serious data breach occurs, and someone slips on a banana peel.

    None of these things will ever stop the billionaire gravy train because of something called “Risk Management.” I don’t think our “vibe-coded AI slopware” is an exception.

  • by htrp on 7/30/2025, 5:40:31 PM

    Wonder if Wix had any contractual reps/warranties around the state of the Base44 codebase.

  • by uponasmile on 7/30/2025, 7:53:23 PM

    > The vulnerability was fixed in less than 24 hours

    I wonder if they fixed it manually or used Base44 to fix it

  • by bitwize on 7/31/2025, 9:49:17 AM

    Remember, the S in GenAI is for security.

  • by dangoodmanUT on 7/31/2025, 3:13:14 AM

    80M to wix right?

  • by crook123456 on 8/2/2025, 10:17:33 AM

    Base44 is just another builder.ai scam