Doesn't NASDAQ have some responsibility for this hack? Doesn't NASDAQ have serious security reputation issues now?

Reputation? The same company, one of whose chairmen ran the biggest known Ponzi scheme in recent financial times.

Blaming the victim? Nice.

If indeed it was a basic SQLi attack and NASDAQ failed to prevent it, then to some degree, yes, they're responsible. As a high-value target it's incumbent on them to secure their systems.

Here on HN we often say "security through obscurity is no security." Relying on the fact that it is "illegal" for someone to hack your system to prevent them from doing so is similarly flawed logic.

Yep. And depending on where the attackers are from, it might only be illegal in US jurisdiction anyway. So it's just plain negligence not to do your best. That said, it is a huge attack surface and it sounds like they had a lot of time and resources; they can afford to just wait to get lucky. NASDAQ had to be lucky ALL the time. /devil's advocate - obviously someone f'd-up.

The victim isn't NASDAQ. The victims are the people who trusted NASDAQ. Parent is asking whether NASDAQ was negligent.

That path has dangers all around (though, financial regulations try somewhat, don't they?) but it's a different discussion than victim blaming.

This isn't a mugging or an assault.

This is a company charged with processing financial information that apparently didn't sufficiently protect the data.

I can see it now. NASDAQ brass participating in its own "slut walk" for "sloppy-seconds" developers and IT managers. "Just because I cut contracts for the lowest bidder doesn't mean I deserve to be penetrated!"

