Jul. 7th, 2019

thewayne: (Default)
Wow. Lot of fun! Now, it's a B-movie, but it had a surprising amount of interesting plot! My wife insists it continues from the 2014 movie, but I honestly don't remember it: there have been too many Giant Monster movies for me to keep straight. Including this Godzilla movie, there have been eight Godzilla movies released since 2000, though it's possible not all made it to the USA. Now add in the two Pacific Rim movies, Cloverfield, and you have lots of giant monsters destroying the coastal USA.

So I have no idea if THIS Godzilla is a good sequel to the 2014 Godzilla. But I'll take my wife's word on it.

Anyway, it does have a decent plot, and it's a good, fairly traditional Godzilla movie with LOTS of property destruction and giant monster throw-downs. If you like that sort of thing, you'll enjoy this. It still had plenty of stupid, but it did have plot.

The two of us had the theater to ourselves, so we got to do some MST3K snide commenting out loud! That was a lot of fun.

We set out to see the new Spider-Man movie, but literally at the last minute Russet had to do a task remotely for the observatory, and that was it for Spidey, which was at 9:00 as we got to the theater at 9:15. But Godzilla was at 9:30, so an excellent fall-back. Conveniently, they showed a new trailer for Spidey, which added some good info and pushed my wife from 'ambivalent' about seeing it to 'now wants to' see it. We might be able to catch it Sunday, we shall see what happens.
thewayne: (Default)
The article doesn't explain if the app was developed by internal 7-11 IT or they hired an app maker to do it (I'm guessing internal development), but it contained an extremely bad flaw. Here's an excerpt from the article explaining it.

"...in a mind-boggling turn of events, the app contained a password reset function that was incredibly poorly designed. It allowed anyone to request a password reset for other people's accounts, but have the password reset link sent to their email address, instead of the legitimate account owner.

A hacker only needed to know a 7pay user's email address, date of birth, and phone number. An additional field in the password reset section allowed the hacker to request that the password reset link be sent to a third-party email address (under the hacker's control), with no need to dig through the app's code or tamper with HTTP requests, like most of these hacks involve.

Furthermore, if the user didn't enter their date of birth, the app would use a default of January 1, 2019, making some attacks even easier..."

Wow. Obviously it's not hard to get ahold of this information if you know where to look, and organized hackers know where to find this information. I wonder, though, how they identified "This person has the app, that person doesn't". Maybe they had sniffers on the store networks looking for identifying information (I wouldn't count on good encryption in the app if they were this stupid about the reset) and then launched the attack against customers.

I'm guessing 7-11 didn't have a tiger team test the app for vulnerabilities. There is some good news: 7-11 is going to pay back all the lost funds, so people won't be out money. Complaints started rolling in the day the app launched, and 7-11 shut the app down on the 3rd. In another article, some fraudulent transactions were traced to China, but it's hard to say if they were the source of the overall fraud. Two Chinese nationals were arrested trying to purchase smokes with someone else's account, unknown if they were connected with the fraud.

Myself, I have credit card info encoded in two apps: Amazon and Apple, both of which I think are trustworthy. Otherwise all shopping is done through my web browser, PayPal, or face-to-face. Amazon was entered in their web site through a browser and not directly in their app: you sign in to the app, and now it's tied to my fingerprint. Slightly more complicated and I believe more layers of encryption in Apple Pay. So I'm (hopefully justified?) more confident that my accounts can't be compromised. Regardless, there ain't much money in my account!

https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
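
The reset flaw quoted above, as an added example that is not from the article or from 7pay's code: a handler that honours a requester-supplied delivery address, beside a hardened one that mails only the address on file. Function names, the sample accounts, the token lifetime, and the reading that the default date of birth is stored at sign-up are all assumptions.

```python
import hashlib
import secrets
import time

# Constructed sample accounts (not real data). The second registered without a
# date of birth, so the default the article mentions was stored (assumed reading).
DEFAULT_DOB = "2019-01-01"
ACCOUNTS = {
    "alice@example.com": {"dob": "1990-05-17", "phone": "0900000001"},
    "bob@example.com": {"dob": DEFAULT_DOB, "phone": "0900000002"},
}
GENERIC_REPLY = "If the details match an account, a reset link has been sent."
TOKEN_TTL = 15 * 60  # seconds; hypothetical policy value
_pending = {}  # sha256(token) -> (account email, expiry time)


def flawed_reset(email, dob, phone, send_to=None):
    """Flow as the article describes it: returns where the link is delivered."""
    acct = ACCOUNTS.get(email)
    if acct is None or (acct["dob"], acct["phone"]) != (dob, phone):
        return None
    return send_to or email  # requester-supplied destination wins


def hardened_reset(email, send_to=None, now=None):
    """Returns (reply, outbox). The link goes only to the address on file."""
    now = time.time() if now is None else now
    outbox = []
    if email in ACCOUNTS:  # send_to is deliberately ignored
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        _pending[digest] = (email, now + TOKEN_TTL)  # store only the hash
        outbox.append((email, token))
    return GENERIC_REPLY, outbox  # same reply whether or not the account exists


def redeem(token, now=None):
    """Single-use, expiring token; returns the account email or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    email, expiry = _pending.pop(digest, (None, 0))
    return email if email and now <= expiry else None
```

In the hardened flow, control of the registered mailbox is what proves ownership, so date of birth and phone number are not treated as secrets at all.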
