I admire what Socket is doing. If anything happened to my current job it would be the first place where I'd want to work. Keep rocking Feross, greetings from Colombia.
If you have no login flow at all you'll be spammed. If you have your own sign-in flow, how do you detect and stop automated account creation and subsequent spam? Can you beat Google at stopping bot signups?
In the end it's a lightweight barrier to abuse. You can argue they should diversify and not just use Google but hey it's a small project. It's understandable. It's also free to sign up for Google for a real user.
Around $56/mo in Colombia with access to top doctors, hospitals and clinics. Copay is $6 for any appointment. But surgery/ER/hospitalization incidents are free.
A minor but important correction. Krebs wrote that the Gov claimed that “fixing the flaw could cost the state $50 million.” That’s not quite right. In the press conference linked in Krebs's post, the Governor actually claims that the “incident alone may cost Missouri taxpayers up to $50 million.” I’d guess this number includes an estimate for the legal cost of dealing with the data breach plus any statutory penalties the state might incur (plus a grossly inflated price for fixing the bug).
It's a disgrace that the agency that produced this website is not liable for this substandard quality.
How crazy is it that code like this is deployed to production and then the customer has to pay 50 million to get it up to standards? The senator should be ashamed they are being scammed like this.
> fixing the flaw could cost the state $50 million
It's hard to imagine the kind of contorted bureaucracy that could turn such a fix into a $50 million change request, and yet, I wouldn't be surprised at all if it did cost that much.
Seems quite intentional. It is a Levenshtein distance of 2, and i is physically far away from e and a on most commonly used keyboard layouts.
I would absolutely love to know who provided that estimate and how they arrived at that number. I understand that issues are often far more complex than they appear but this just seems ridiculous.
Turns out a bunch of other systems rely on this bug to fetch information, and no-one's entirely sure where they are, who's responsible for them, or what they do. Also the page is auto-generated though some arcane CMS such that it's really hard to figure out how to get the data off that page while keeping it other places where it needs to be, without restructuring the whole thing. Also deployment is manual and you'll need to go back and forth with some unrelated department for months to make it happen. Also there's no testing environment, no information about how to get it running—let alone any useful scripts or config/deployment management—is in the repo or otherwise available at all, and there are no tests. And it's all written in an unholy combination of ASP.NET and Java server pages. And the "database" is a standards-nonconforming CSV.
Yeah, maybe the current system is an amalgamation of 20 such cheap solutions accrued over decades. If they are not in a crisis, they should do it properly.