Hacker News new | ask | show | jobs
by etagwerker 3986 days ago
Maybe rookies wasn't the right word.

The fact that they allowed such a blatant vulnerability to reach production makes me question their test suite and development process. What else is wrong that we are not seeing?

I expect more transparency and professionalism from a company that processes $7.1 billion in transactions.
1 comments
benologist 3986 days ago
It's not unreasonable to expect better transparency, that's something that's improving too slowly. We don't even know if this was exploited yet and it's been a couple months and there's always a lot of opacity around hacking incidents.

Security is hard and accidents are easy, dropbox once had a four hour period where they didn't verify passwords!

http://techcrunch.com/2011/06/20/dropbox-security-bug-made-p...

link
etagwerker 3985 days ago
That is pretty embarrassing too and even a bigger vulnerability, but Dropbox released a statement about it.

I believe that owning up to your mistake and being transparent about it can only make your customers trust you more. What worries me is that Mercado Pago is huge and they never released a statement about this issue. I hope that they change this policy soon.

link