We had a guy who filed a bug against Firefox, complaining that our "this password is being sent in the clear" popup warning was an improper alteration of his site. He also bragged that in the N...
We had a guy who filed a bug against Firefox, complaining that our "this password is being sent in the clear" popup warning was an improper alteration of his site.
He also bragged that in the N years of running his site, he never had a single security issue.
The internets saw this, accepted his challenge, and his site was inoperable soon afterward.
This is the first I've heard of this particular story. Amazing he had the gall to submit a bug report. It looks like Oil and Gas International actually uses HTTPS now, but still has mixed content...
This is the first I've heard of this particular story. Amazing he had the gall to submit a bug report. It looks like Oil and Gas International actually uses HTTPS now, but still has mixed content on some pages (not the Sign In page though). The back-end is probably still a mess.
We had a guy who filed a bug against Firefox, complaining that our "this password is being sent in the clear" popup warning was an improper alteration of his site.
He also bragged that in the N years of running his site, he never had a single security issue.
The internets saw this, accepted his challenge, and his site was inoperable soon afterward.
Bragging about your website's security is probably the single most effective way to ensure that you're proven wrong about your website's security.
cheap way to stress test your site?
/s
This is the first I've heard of this particular story. Amazing he had the gall to submit a bug report. It looks like Oil and Gas International actually uses HTTPS now, but still has mixed content on some pages (not the Sign In page though). The back-end is probably still a mess.
IIRC, didn't some good samaritan mess things up so that people wouldn't be able to steal passwords or something similar?
See also http://plaintextoffenders.com/