Another site with inadequate security. Learn from the past.
2 points
by lmai
5714 days ago
First-time poster here, 'cause it's the first time I had something important to say. I was using a site for a project. I noticed the URL structure seemed too simple. So I changed a single variable (the id variable of course) and voila! I get another person's project. This is not some random site, this is a funded startup backed by a well-known VC. Reminder to developers and investors - think about security, especially those with sensitive information.
Why haven't we learned from past mistakes? If they had read/followed HN, they would have seen this about Quiptxt: http://news.ycombinator.com/item?id=1226313
I have notified the company of their security flaw. Now let's see how they respond.
It could be a difficult task for them as I suspect they have a lot of new customers using their service.
* update - I spoke to customer service and they graciously acknowledged the issue.
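The flaw described in the post above (changing the id in the URL returns another user's project) is a missing ownership check on the server. An added example, not part of the original post and not the affected site's code: a lookup keyed only by id beside one scoped to the session's user, with a small audit that lists cross-user reads. The data, user names and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Project:
    id: int
    owner: str
    title: str


# Constructed sample data; all names are hypothetical.
PROJECTS = {
    101: Project(101, "alice", "Alice's pitch deck"),
    102: Project(102, "bob", "Bob's financial model"),
}


def get_project_vulnerable(session_user, project_id):
    """The flaw from the post: the id taken from the URL is the only
    lookup key, so any user can read any project."""
    project = PROJECTS.get(project_id)
    if project is None:
        return 404, None
    return 200, project


def get_project_checked(session_user, project_id):
    """Same lookup, but the record must belong to the session's user.
    Missing and not-owned both return 404, so the response does not
    reveal which ids exist."""
    if session_user is None:
        return 401, None
    project = PROJECTS.get(project_id)
    if project is None or project.owner != session_user:
        return 404, None
    return 200, project


def audit_access(handler, users, ids):
    """Regression check: list every (user, id) pair where the handler
    serves a project to someone other than its owner."""
    leaks = []
    for user in users:
        for pid in ids:
            status, project = handler(user, pid)
            if status == 200 and project.owner != user:
                leaks.append((user, pid))
    return leaks
```

Running `audit_access` against every record-returning endpoint in a test suite catches this class of bug before release.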