A site that sold Durex condoms in India has threatened a whistleblower with a legal nastygram in the wake of an admitted security breach involving leaked client details. Problems with the kohinoorpassion.com site surfaced earlier this month after a customer noticed that simply changing the order ID numbers in a URL allowed …
am i the only one who saw this?
"an unpleasant leak that created a potentially messy situation for everyone involved."
A little editing
"SSL and TTK-LIG takes data security extremely seriously NOW AND WILL DO SO UNTIL THE PUBLIC'S ATTENTION WANDERS ELSEWHERE and we have identified the cause OF THIS ONE PARTICULAR WHOOPSIE and taken immediate remedial action. The modifications put in place ensure ER, OR SO THAT WIERD WEB GUY TELLS US, that unauthorized access OF THIS PARTICULAR TYPE cannot happen again. We are completely confident that the website is now fully secure - BUT THEN WE DON"T KNOW JACK ABOUT THIS WEB STUFF AND, UNTIL IT BECOMES AN EMBARASSMENT AGAIN, COULD CARE LESS.
who'd have thunk it
I mean, dodgy code coming out of India, that sort of thing just isn't possible.
Now I'm not saying India has the monopoly on bad code
But they seem to be trying pretty damn hard.
The number of Indian programmers with professional contracts you see asking beginner questions in coding forums, complete with samples of their spaghetti code, is quite ridiculous.
It's not India's fault though bless 'em, it's just that companies require programmers in the UK to have X years education followed by X years experience, then when they go to outsource they don't ask for any verifiable experience whatsoever. They just sort of assume "well we're dealing with another company, just like us - not some filthy prole - so we'll never get burned" and they get burned over and over again.
That'll show Johnny Foreigner!
Wait...so he noticed a flaw, reported it only to the effected company...who thanked him..only to then have them turn around and accuse him of being a bad bad boy? I assume with some legal ramification?
Why do companies keep doing this to themslves and bring more attention and make themselves look like an ass by trying to whack the people pointing out the flaws in their security.
They get twat lawyers involved. The question will have been asked "What is our legal exposure?" the Lawyers answer will be to try and hush up things by threats. The Streisand effect then comes into play.
I work in a FMCG company. If this scenario had played out with us (Thankfully we don't do web ordering, our products aren't embarassing) there would have been a lot of panicking, swearing, fixing, and a large box of freebies on the way.
And no-one would have been any the wiser as that would have been the end of it
There is an old idiom that should be beaten into every lawyer and MBA student. 'You can catch more flies with honey than with vinegar'
The Streisand Effect...
... strikes again!
If he's the Durex Whistleblower...
... what flavour was it?