A little harsh maybe... developers make mistakes... probably just forgot about it while trying to get the initial release out the door... it's not like Tumblr is a bank or the DoD

Forgetting to secure the admin panel isn't a little mistake though and is easy enough to detect: "Hey, I didn't have to log in to an admin account to use the admin panel, that's weird".

Saying security is less important because it's not a bank doesn't make sense because it's issues like this that can cost a company its existence.

This doesn't sound like the whole admin panel... it's possible nobody has even used this panel since testing...

It is a problem, just saying that I vote the developer keeps his job 'cause I like Tumblr

I'm not advocating firing the developer. If every developer got fired for every stupid silly mistake we'd have no working developers in the world. I was just clarifying the seriousness of this specific flaw. :)

OK, maybe :) But forgetting to secure your admin area deserves more than a simple warning. Can you imagine if the person that discovered the vulnerability decided to delete all the user accounts?

Or try out the usernames and passwords on say BofA?

The passwords aren't stored in plaintext, they said.

