RE: Offline Attack on Steem User Credentials

in #steem, 8 years ago

I don't fault the OP. This is a classic scenario where you don't fully comprehend the gravity unless it happens. I also like the fact that the OP is being financially compensated for his discovery. I hired my first CTO after he rooted our mail server!

You might be right, Bill. I guess I'm just much more comfortable with white hat activities. We use BugCrowd for FoxyCart and have been very happy with the professionalism and ethics of those involved. When something is exposed (thankfully it's almost always some third party system outside of our PCI environment), it's hard not to take it very seriously. From what I've seen of the team here so far, I think they would have taken a white hat approach seriously also. But... maybe not. As I said, whether or not I like it, this approach may have saved quite a few people from even more frustration.