Quote:
Originally Posted by signupdamnit
It's pretty arrogant to run known exploitable code on a public facing multi-million dollar operation. Especially with such sensitive information. They pretty much got what they deserved for their arrogance in not getting it fixed.
|
Plugging holes, especially if they're fundamental flaws in your system, is not a 5 minute job.
In a large codebase with poorly written code it might be almost impossible to completely secure.
Look at the big hacks lately, some very very big companies running extremely complex systems have been compromised.
The real problem I see with this hack from a technical perspective is that it reveals that this company was more interested in bleeding it's user base of cash than anything else. In this scenario, they really didn't care much about security - despite public comments otherwise.