by arielm 4187 days ago
It's astonishing that somewhere out in the modern world there's an API that returns personally identifiable information without requiring any sort of authentication.

What I find absurd is that the company hasn't done anything about it. Even if they don't care/know about security they must at least care for bad PR...

But with all of that in mind, I don't know what's the best way to fight these clueless behemoths. You disclose and thousands or even millions of people will be compromised. You don't and those same people could be compromised but no one will know because the attacker(s) will just continue to siphon information quietly.

They should be waterboarded for making a responsible individual have to choose.

For the record, I approve of this disclosure. Better to know the evil than let it go on unnoticed.

1 comments

> They should be waterboarded

Except, you know, for the part where that is an inhumane thing to do, even when done to people that are actually guilty of committing terrible crimes.

> It's astonishing that somewhere out in the modern world there's an API that returns personally identifiable information without requiring any sort of authentication.

Hello, have you met the 21st century? It's a freakshow and clusterfuck of planetary proportions. Although even accepting that fact, yes, I suppose that doesn't make it less astonishing. Spoiler alert: things will probably get even more astonishing before it gets less. Fasten your seatbelts, wear a hat, etc.