Misleading headline
It led me to think that they had developed some kind of hipster detector.
4 publicly visible posts • joined 12 Jan 2009
Actually, the tool uses the reply time and returned error codes together to guess the key. The workaround suggested by scottgu first redirects all errors to a single page, and then adds a delay in timing.
The delay is not necessary for this workaround to be functional. This exploit is impossible to achieve if your error page does not disclose the error data.
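An added example, not part of the comment above or of any vendor's tooling: a small audit over recorded error responses that checks the two signals the comment names, returned error codes and reply time. The field names, the 5 ms threshold and the sample responses are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict
from statistics import mean

def fingerprint(resp):
    """Everything a remote client can observe about a response, except timing."""
    body_hash = hashlib.sha256(resp["body"].encode()).hexdigest()
    return (resp["status"], resp["location"], body_hash)

def visible_error_classes(responses):
    """Map each distinct client-visible fingerprint to the internal causes behind it."""
    classes = defaultdict(set)
    for r in responses:
        classes[fingerprint(r)].add(r["cause"])
    return dict(classes)

def timing_gap_ms(responses):
    """Largest difference between the per-cause mean response times."""
    by_cause = defaultdict(list)
    for r in responses:
        by_cause[r["cause"]].append(r["elapsed_ms"])
    means = [mean(v) for v in by_cause.values()]
    return max(means) - min(means)

def audit(responses, max_gap_ms=5.0):
    """Both checks must pass before failure causes look identical from outside."""
    return {
        "codes_uniform": len(visible_error_classes(responses)) == 1,
        "timing_uniform": timing_gap_ms(responses) <= max_gap_ms,
    }

def _resp(cause, status, location, body, elapsed_ms):
    return {"cause": cause, "status": status, "location": location,
            "body": body, "elapsed_ms": elapsed_ms}

# Constructed sample: each failure cause gets its own status code and page.
PER_ERROR_PAGES = [
    _resp("bad_padding", 500, None, "Padding is invalid.", 12),
    _resp("bad_padding", 500, None, "Padding is invalid.", 14),
    _resp("bad_payload", 404, None, "Not found.", 31),
    _resp("bad_payload", 404, None, "Not found.", 29),
]
# Constructed sample: every error redirected to one page, no delay added.
SINGLE_ERROR_PAGE = [
    _resp(r["cause"], 302, "/error.html", "", r["elapsed_ms"])
    for r in PER_ERROR_PAGES
]

if __name__ == "__main__":
    print(audit(PER_ERROR_PAGES), audit(SINGLE_ERROR_PAGE))
```
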
These jokers are in jail because they were complicit in fraud. Reporting nonexistent profits and inflating available funds for several years (AFAIK).
If the boards of all the banks that have lost money are found to be complicit in fraud, I am sure they will also be punished in the same way. The problem is that in most cases they cannot legally be held accountable. Fund managers claim ignorance [of incorrectly evaluated risk levels], oversight authorities claim faulty risk evaluation models, and so on.
I don't know anything more than what I read in the headlines, so I may be completely wrong.