72

"We don't need to invest in security - no one is going to hack us anyway" == "We don't need a fire department in our city - fire is not going to start here anyway"

"We don't need to invest in security - everything is public anyway" == "We don't need a fire department in our city - our buildings are made out of straws anyway"

-- my thoughts after seeing a line in a client's spec: "sensitive data is transferred via a secure tcp channel (https) and all the public data is transferred via an unencrypted tcp (http) channel"

Comments
  • 36
    *starts man in the middle attack by injecting xss scripts in http calls*

    Company:
  • 19
    Who needs security, that just makes people's lives more difficult.
  • 10
    Some brilliant soul's attempt to save two shekels, not realizing that the cost of securing the public channel is negligible.