12.5.06

Ranting on digg


It's no secret at all that I never liked folks on digg. Bear with me, I just don't. But what the hell, they keep nailing themselves!

Some time ago Steve Thompson found a security vulnerability on digg. Now, the attitude expected is something along the lines of "no piece of software is perfect, if someone found a bug and reported it, it was cool, because he isn't exploiting it, cool, thank you, we're going to fix it". Of course this hasn't happened - after all it's the digg crew we're talking about.

I'm just going to quote Steve:

"In an email I received later one of their developers told me that unless I can show them otherwise, they would not consider this a security problem, and would not fix it."


Of course that's only their way of not admitting they had an issue (oh no! people must think we're perfect 1337 h4x0rs!), and, not admitting it, they've silently fixed the problem, and now if you try to exploit them, you'll get an "Incident has been logged - hope you enjoyed the site while you had a chance" message.

Way to go, assholes, that's a great way of asking for people to stop properly bug reporting your issues and start just exploiting them. Above all, you're disrespecting your users by having such attitudes.
