undefined | Better HN

0 pointsrhizome8y ago0 comments

Those who use the holes in their infrastructure, did you see the story about a database being accessible with default credentials? There is some question of scope for that particular issue, but it bodes duplication in the company's practices elsewhere.

0 comments

1 comments · 1 top-level

g0510518y ago

You mean the web site that didn't have any non-public data, and was actually not in active use for 3 years? I agree that was sloppy, but the site didn't have the level of security requirements that one of the main sites or their internal network had. Do you put a $100 lock on a $5 bike?

And how was this "allow[ing] unauthorized people to make spurious changes"? No data was changed in the breach.

j / k navigate · click thread line to collapse