|
|
|
|
|
|
by tptacek
5612 days ago
|
|
|
And how much damage could a hacked moderator account do to the site? This whole conversation seems like a symptom of taking this site way too seriously. The community is very valuable and even important. The site is just an artifact of it. As evidence for my point of view (and, you can say "you're welcome" if my brinkmanship with this sentence is paid off by Graham promptly enabling SSL, which he could easily do in the process of fixing the far-more-important bug of this site not being served through a front-end proxy), note that next week SSL will in all likelihood not have SSL enabled. That request --- provide SSL --- has been outstanding forever. Does Graham also share my cavalier attitude towards the site? |
|
|
But remember that this is also the YC application system. A lot of alumni help read apps, probably just by getting a permission added to their account. So a lucky firesheep-er can probably read every application to YC. And mess up people's applications (if they get the account of an applicant before the deadline). And may reject people/delete apps if they were to get, say, pg's or harj's account.
And possibly other stuff. I don't know what all YC uses it for, but I get the impression that they continue to use it for various things (signing up for office hours?), some of which may be sensitive, once teams are accepted.