Quote:
Originally Posted by mrkris
I would like to actually answer this one. If fris would not have done what he had done, Brad wouldn't have known(?) about the issue, thus, if a blackhat found the hole, they could be stealing all of everyone's information. Granted, fris might not have respected privacy by posting the info, but he got Brad's attention and I am hoping by this point the issue is being resolved with the software. I myself am into pen-testing (just now getting into web-pen-testing) but the same concept applies. Someone has to do it to stay on top of the game, otherwise people will get owned.
With open holes like that, there is no telling how many times the info could have already been stolen by others. Just because Fris is the first to point it out, doesn't mean others haven't already found those same holes and are using them to their advantage.
Sometimes I wonder why my webmaster e-mail accounts get so much fucking spam. Could it be the sponsors selling their lists? Could it be open holes like this, just waiting for my info plus every other webmaster's and even customers' info sitting there waiting to be taken?