|
|
|
|
|
|
by nfoz
2560 days ago
|
|
|
He looked in the window of a car and saw tons of users' personal information -- visible through the window! Any criminal could walk by and copy the info, privately, without anyone knowing. Maybe some criminals already have. I think the important thing we miss with car/physical crime analogies is that cybercrime can be so invisible. Nothing is missing, nothing is taken... but users private data is lost. So if an organization is doing something terribly naive like publishing passwords to userdata in plaintext... it's disgusting for our society to punish the wrong people, the people pointing out the flaws rather than the ones who cause them. All the really malicious entities came and went and will never be caught. They put private information into a JSON file accessible by an HTTPS GET, the only password being one that they put in plaintext onto everyone's phones. My analogy: They put the private information onto a billboard, but you can only see the billboard from a particular vantage point in a public park. |
|
|
The information was still behind a door that you had to unlock. They just unwittingly sent keys to everyone.