Feeds

back to article Security mess sends Kiwi auction site titsup in two days

A New Zealand auction website has shut after just a day, thanks to IT professionals who noticed extraordinarily relaxed security operations. The site in question is Wheedle.co.nz, which currently says “unforeseen technical problems “have “postponed further activity on the website.” Postp0wned may be a more accurate term, as …

COMMENTS

This topic is closed for new posts.
Silver badge

Am I the only one ...

... seeing a serious lack of network security knowledge being displayed in New Zealand?

0
4

Re: Am I the only one ...

No, just the usual web start-up approach to life, i.e. "Let's get the product launched quickly and cheaply, build a user base and worry about boring stuff like security later." To be fair, if you dig back not so many years you'll find plenty of (now) household names that were regularly exposed for schoolboy security errors for exactly the same reason.

Unfortunately (for this lot), it's harder to get away with it for very long these days, especially if your hubris has the potential to end up costing punters actual cash money as this case appears to demonstrate.

1
0
Anonymous Coward

Re: Am I the only one ...

"Let's get the product launched quickly and cheaply"

Ahhhh the Apple approach......"Working as intended!"

0
1
Anonymous Coward

Re: Am I the only one ...

iFanboi trolls are back!!!

1
0
FAIL

Programmers need to start with security and work backwards - too many start with the code and then try to make it secure.

Learned this the hard way through a "professional" UK programmer who created a pile of insecure shit for me two years back with all sorts of holes like no checking of data before entering it into a database, URL manipulation, admin functions accessible by anyone if they knew the URL - pain............

0
0
Anonymous Coward

No they don't

Programmers should program. Security consultants should make it secure. Put your site behind a WAF. The chances of you finding a good web developer who does security well, who works for a startup are slim to non-existent.

0
1

Re: No they don't

I don't agree - a programmer needs to understand security and the risks in what he does otherwise how can he ever write good code?

As my application has developed and moved forward I have used other programmers and there are many who are very knowledgeable about security and performance and scalability and other considerations beyond the technicality of writing code and that's what separates the shit from the good.

0
0

Re: No they don't

Not smart to say the least. If your coder doesn't have a clue about security, he's not a coder, just a liability.

Not sure about your corner of the world, but where i'm at, it usually starts with user input not even being sanitized/validated, never mind exotic exploits...

A WAF does have it's merits, but if the whole web app was built from the ground up on idiotic assumptions and dimwit designs, it's about as good as steel plating your front door while leaving the windows wide open.

1
0
Headmaster

Postp0wned?

Postpwned shirley?

0
0
Anonymous Coward

Um ...

"Revelations that the site hired programmers based in India led to some raised eyebrows among Kiwi coders"

Did you really publish that?

1
0
Alien

Re: Um ...

Yeah, because it is the general impression of Indian programmers in NZ. NZ is dominated by cost in these types of enterprises. You get what you pay for everywhere. The mistake people make is saying Country A has good programmers and Country B has bad programmers. I've worked with some successful and some appaling teams from India. The difference was always how much communication took place every minute or hour. Those teams which rotated members into the on shore team to slowly build up a team culture were the ones I loved working with.

1
0
This topic is closed for new posts.