21 votes

The Effectiveness of Publicly Shaming Bad Security

Tags: security

6 comments

  1. dblohm7

    We had a guy who filed a bug against Firefox, complaining that our "this password is being sent in the clear" popup warning was an improper alteration of his site.

    He also bragged that in the N years of running his site, he never had a single security issue.

    The internets saw this, accepted his challenge, and his site was inoperable soon afterward.

    8 votes
    1. Emerald_Knight

      Bragging about your website's security is probably the single most effective way to ensure that you're proven wrong about your website's security.

      6 votes
      1. RapidEyeMovement

        cheap way to stress test your site?

        /s

        3 votes
    2. starchturrets

      This is the first I've heard of this particular story. Amazing he had the gall to submit a bug report. It looks like Oil and Gas International actually uses HTTPS now, but still has mixed content on some pages (not the Sign In page though). The back-end is probably still a mess.

      4 votes
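The two defects discussed in this thread (a password form submitting over plain HTTP, which is what the Firefox warning flags, and mixed content on an HTTPS page) are both visible in the page's HTML. The following is an added example, not code from the thread or from any site mentioned in it: a small stdlib-only Python audit that walks a page's markup and reports password inputs whose form posts to a non-HTTPS URL, plus sub-resources loaded over http:// from an https:// page. The `example.test` URLs and the sample HTML are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute loads a sub-resource. An http:// URL here on an
# https:// page is mixed content: scripts/iframes/stylesheets are "active"
# content that modern browsers block, images are "passive" and only warned about.
RESOURCE_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "link": "href",
    "audio": "src", "video": "src", "source": "src", "embed": "src",
}


class _Auditor(HTMLParser):
    """Collects findings while the parser streams through the document."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_scheme = urlsplit(page_url).scheme
        self.form_action = None   # resolved action of the <form> we are inside, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action means "submit back to the current page".
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # A password field outside any form is judged by the page URL itself,
            # which is also what the browser's "sent in the clear" warning keys on.
            target = self.form_action or self.page_url
            if urlsplit(target).scheme != "https":
                self.findings.append({"kind": "password_over_http", "url": target})

        attr = RESOURCE_ATTRS.get(tag)
        if attr and a.get(attr):
            url = urljoin(self.page_url, a[attr])
            if self.page_scheme == "https" and urlsplit(url).scheme == "http":
                self.findings.append({"kind": "mixed_content", "tag": tag, "url": url})

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def audit_html(html, page_url):
    """Return a list of findings for the given page markup and its URL."""
    parser = _Auditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: an HTTPS sign-in page with one insecure stylesheet, one
# secure script, a login form posting over plain HTTP, and an http:// image.
SAMPLE_PAGE_URL = "https://example.test/signin"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://example.test/style.css">
<script src="https://cdn.example.test/app.js"></script>
</head><body>
<form action="http://example.test/login" method="post">
  <input name="user"><input type="password" name="pw">
</form>
<img src="http://example.test/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(finding)
```

Run against the sample it reports three findings: the stylesheet and the logo as mixed content, and the password field whose form action is `http://example.test/login`. Fixing the form action alone would silence the browser warning but leave the stylesheet loading over HTTP, which is exactly the "HTTPS now, but still mixed content on some pages" state described above.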
    3. starchturrets

      The internets saw this, accepted his challenge, and his site was inoperable soon afterward.

      IIRC, didn't some good samaritan mess things up so that people wouldn't be able to steal passwords or something similar?

      1 vote