Security issue with electricity, water utility website

Jeez... last time I checked we were in 2015. This security flaw is so 90s...
 
Any web developer worth his salt would never let this happen, so don't tar all web developers with this brush.

I didn't tar all web developers - I said "typical web developers". :)

I'm sure Java programmers working for the financial industry (e.g. banks) have their heads screwed on right but from personal experience with senior .Net developers (10+ years exp.) the trend is to primarily program functionality to reach a deadline and then only worry about security when someone moans or you get hacked.
Then I sit trying to explain to management why the company was hacked and why stateful firewalls are unable to secure web applications.
Security is only as good as the weakest link.
 
Hahaha - that made me laugh. I worked with all major banks, some of the local insurance companies and some cell-phone providers and you are so mistaken. Blatant mistakes happen as I can guarantee you that hardly any developer is aware of OWASP and this flaw (as well as CoJ and others) is careless/reckless oversight (called A4-Insecure Direct Object References) by inexperienced developers taking shortcuts.

This should not be even called a security issue or hacking and should just be referred to as "Incompetence at website XXX causes data-leak".
 