by kayson 28 days ago
> In further digging, we noticed that the URL the phone opens up is “kira-abboud.com,” a website that references fashion influencer “@kirasfashionfinds.” Notably, this exact URL isn’t listed anywhere on Abboud’s social media, and the affiliate codes don’t match up either. The redirect coming from Motorola phones is using Amazon affiliate code “sramz-kff-008-20” which is completely different from any of the codes we saw from links shared by Abboud’s accounts and linked websites.

Something funny is up; this doesn't seem deliberate.


My guess is a rogue employee who hopes they can get away with this stuff for years till caught...

That employee's cousin probably does social media for Abboud...

No matter how you turn it, that doesn't build trust in the Motorola brand, if a single employee can push that (hypothetical) code.
I agree, but in fairness, I don't know of any brand, tech or otherwise, that can completely wall itself off against insider threats. No matter how vigilant you are, someone who knows exactly how you move will find a way around you.
I can understand it's hard to defend against plausibly deniable errors that create backdoors, etc. But this would show a complete lack of code review, no?
> But this would show a complete lack of code review, no?

You'd be surprised how many websites use Google Tag Manager to allow their marketing department to roll out trackers and other JS snippets directly into the site's root context.

GTM et al.'s sole reason for existence is to provide marketing people with a way to bypass corporate IT.

And I definitely would not rule out something like this being the cause in the end.

Code review just means you need an accomplice. It makes it harder, not impossible.
Not even that. Bury it in a sufficiently-large PR and there’s a very good chance it’ll be rubber-stamped because no one wants to take the time to carefully review the entire set of changes.
Or be convincing to an LLM.

Humans reading code is so "legacy"...

If I'm not guilty until proven innocent, then neither is Motorola.
How about a rogue AI agent banking some cash for the uprising? Are we there yet?!
Right, they should start reviewing their PRs.
Yup. Let's see Kira's LinkedIn.
An affiliate can create multiple codes.