Hacker News

Wow, this story is amazing. Company got notified last August of a 0 day (no authentication) to download all customer records, but no action taken for half a year. Then a very bad PR stunt leading to even more exposure - one can't make this stuff up... it's April 3rd already, right?? Wondering why they couldn't just really fix the problem? Would be interesting to learn more on how they do engineering? E.g. was it all outsourced and someone else tries to fix it now? This year is going to be good!


That's not what 0 day means.


It's exactly a 0 day. They were notified last August of a 0 day in their website, and 6 months later, 6*31 days (31 for simplicity) later, it still was not fixed.

Here's the definition:

https://en.m.wikipedia.org/wiki/Zero-day_attack


I think your original statement was confusing because you put 'no authentication' in parentheses, implying that to be the definition of 0-day.


My natural gas provider can't get my bill to print with me emailing them for over a year.

So their old 1990s site worked fine. Upgrade to new whizbang bullshit and a steady stream of emails still can't get it to simply use a CSS print routine. Outsourcing is glorious!



