Comments
-
C0D4 66881 6y
The company should always have the opportunity to fix the flaw.
But after contact and grace have been given. Let it rip!
We don't post anonymously on here?
I must be doing it wrong
-
Security bug -- disagree
data leak -- agree
plaintext passwords -- agree
If there is an exploitable vulnerability the company is not aware of, it could be exploited by villains. It is an active threat and making it public increases risks. Mistakes happen, typos happen, library bugs happen. Company should be discreetly informed of the incident w/o warning public about the vuln., as it could trigger hackers who could do a lot of damage.
On the other hand, bad decisions explicitly made by the company are in place w/ their knowledge. I'm talking about plaintext passwords, requests for email pw during registration, etc. The company decided to make it that way and treat it as a feature. There's no reason to hide that.
Any events that have already made some damage, i.e. company website hacked, database leaked, etc., should lead to immediate warning of all the customers to change their credentials.
Related Rants
I don't know why it is that every time you guys find a security bug or a data leak or that someone is saving plain passwords on their database, you try to cover and censor the company name. Listen people, fuck the company and their name and their brand if someone's data might be in danger. Everybody should be aware of what is happening with their personal information.
Also, maybe it would be great if devRant would let users post anonymous rants for this kind of issue, or a special thread with the latest news about our online security.
rant
security
online
reports