We discovered the bug on 14-Feb-2009. Until yesterday, BharatMatrimony.com had not taken enough care to update their login page completely. But once we disclosed how we had done this, and a couple of bloggers put up posts about it, these folks changed the login page within less than 24 hours.
What BM did not take care to do in 3 months was done in less than 24 hours!
Normally, security folks follow the ethical practice of not disclosing a loophole until it is completely fixed. Even in the past, during the Myntra hack, we waited 2-3 days for their tech team to fix it. However, in the case of Myntra, their team was active: when we reported the issue, they called us within the next 6 hours. In this case, for the last 3 months, it looks like they stayed dumb, in the hope that we would not publish it and that no one would know about it. And kind of lazy!!!
As per my understanding, no system is secure. However, when someone reports a security loophole to you, at least for the sake of your users you should try to understand it and, if possible, fix it or put a practical workaround in place! The work you have done in the last 24 hours, you could have done in the last 3 months! But who cares??? :)
Just Chill
Raxit Sheh
Tuesday, May 12, 2009