Tuesday, January 21, 2020

There Are Some Real Bastards Out There

freeCodeCamp is a nonprofit organization founded to help people learn to code. I've been browsing their website for some time and finding all sorts of interesting nuggets.

Recently their site was hacked and the founder, Quincy Larson, discovered that a hacker had used their donation system to defraud over 5,000 people. He's written an article on what happened and how he fixed the problem. It's quite a story that gives you a picture of how complex modern electronic financial transaction systems are and what can happen when they're hacked.

At the end, he offers some advice, including this.
Lesson #4: There are some real bastards out there.
"Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target." - Paul Herbka
freeCodeCamp is open source, and has tons of security researchers who notify us of potential vulnerabilities through responsible disclosure. We are locking our proverbial doors.
But despite all our efforts, an attacker still saw us as an easier target than some of the big e-commerce sites. They were sophisticated enough to find their own zero-day vulnerability in our codebase. And they may do the same for your organization.
Never forget that you and I share a planet with villains who are willing to inconvenience thousands of people just so they themselves can make a quick buck.
Stay vigilant, friends.
