second_brekkie | 1 year ago

Source: I live in SK

For some context, you can't live in South Korea and not use Kakao, even your grandma has it.

So the fact that they have so many holes in their security is a cause for concern.

Your grandma isn't going to know a fishy link when she sees one, especially with this exploit where the domain looks legitimate.

A contributing factor is the hierarchical work culture in Korea. Your boss gives you a deadline for a feature which is treated as non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.

This all amounts to an app full of security holes, and until Kakao stock drops because of it, they're not going to address it.

lifthrasiir|1 year ago

I actually don't use Kakaotalk (or LINE or Facebook, to be comprehensive) even though I'm a Korean. That does make me some kind of weirdo, but many enough services have an SMS fallback so I can live without it.

On the security side though: I don't think it is work culture at play because major IT companies in South Korea---often referred to by the initialism 네카라쿠배, for Naver, Kakao, LINE, Coupang and Baemin operated by Woowa Bros---are known for much better work culture and higher compensation than the national average [1]. It is probably more that these apps are domestic and hadn't been scrutinized enough compared to globally popular apps.

[1] But still lower than US or even some Korean startups in my experience.

chabulhwi|1 year ago

I'm also a Korean, and I've been getting on without KakaoTalk for two years. But I've never met any other Korean personally who doesn't use it.

rjzzleep|1 year ago

Didn't Japan just buy(back) line and pledge better operational security a while back? Samsung is famous for frequently reinventing things on their own and leaving it full of security holes as a result. Somehow it's just part of the culture.

kijin|1 year ago

You can find hierarchical work cultures with impossible deadlines all around the world, not just SK. The difference seems to be that the government sector and the chaebol take up such a huge share of the "IT" market in SK, that there really isn't much space left for startup culture to make a difference.

Kakao used to be a cool startup, but they've been trying hard to emulate the chaebol once they became successful.

OsrsNeedsf2P|1 year ago

> there really isn't much space left for startup culture to make a difference.

This is very much not the case - Startups are quite big in SK because the government gives them lots of funding.

Source: I worked at a South Korean startup. Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.

graemep|1 year ago

> Your boss gives you a deadline for a feature which is treated as non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.

If only that happened only in SK.

It definitely happens in the west too. Maybe it's worse in SK because of the culture, but it's definitely not unique. The problem of the boss or the customer seeing the UI but not security issues is universal.

Rastonbury|1 year ago

Is this something that would be picked up by the news in SK or a regulator? Potential ways to get them accountable besides share price

intoamplitudes|1 year ago

"Hierarchical work culture" is like the go-to blanket excuse to explain anything in East Asia that Americans don't like or think is bad.

If you've ever spent a few years at any decent-sized white collar company in the US (tech, finance, consulting) you know it's the same in the west. Especially FAANGs. All these mid-level engineers are just yes-men trying to suck up to their VPs to get in the next promo cycle. The western companies just have better marketing about "flat hierarchies" but it's all PR talk and lip service. Some PM or SVP drops some mandate and no one ever has the balls to question it, they just grumble and do it.

The saddest part is that these tech bros actually believe the marketing they are fed about their company cultures, and it breeds this shallow superiority complex and so whenever something negative about Asian companies comes up, you get comments like this citing this 'go-to' rationale about hierarchy.

It's actually kind of sad these guys don't have the self-awareness to critically examine what they are told vs. what reality is.

awithrow|1 year ago

I've spent many years at large companies including FAANGs. I've had no problems or issues pushing back on unreasonable deadlines or being the bearer of bad news about vulns, bugs, or systemic flaws. I've also seen plenty of engineers do the same.

simonebrunozzi|1 year ago

Is there an easy way for a non-SK (and non Korean speaking) to use it?

verteu|1 year ago

You can simply download KakaoTalk from the App Store, right?