I got a rush from feeling challenged. The computer would say 'No', and I would think, 'Well, we'll see'. In his own words it was more a case of Rage Against the Machine than simply Stayin' Alive.
When he tested the token, Zimmermann said that it granted access to hundreds of private Home Depot source code repositories hosted on GitHub and allowed the ability to modify their contents. The researcher said the keys allowed access to Home Depot's cloud infrastructure, including its order fulfillment and inventory management systems, and code development pipelines, among other systems. Home Depot has hosted much of its developer and engineering infrastructure on GitHub since 2015, according to a customer profile on GitHub's website.
Speaking on 3 December at the Financial Times Cyber Resilience Summit 2025, security minister Dan Jarvis said: "We've heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake. These researchers play an important role in increasing the resilience of UK systems, and securing them from unknown vulnerabilities."
Securing IoT devices must be a top priority from start to finish these days. Whereas the issue used to be seen mainly as an add-on, it is now a fundamental part of product development and partner policy. According to Fabian de Clippelaar, Engineer at Axis Communications, this shift did not come out of the blue. "The growing computing power of devices offers opportunities for innovation. But if that power is not applied or secured in the right way, it can also cause serious problems."
Two researchers reported finding serious vulnerabilities, including ones that expose employee information and drive-through orders, in systems run by Restaurant Brands International (RBI), which owns the Tim Hortons, Burger King and Popeyes brands. The vulnerabilities were reported to the vendor and quickly fixed. In addition, RBI said the system targeted by the researchers is still in early development. However, the company still sent a DMCA complaint to the researchers to force them to remove the blog post detailing their findings.
