back to article Crime doesn't pay? Crime doesn't do secure coding, either: Akamai bug-hunters find hijack hole in bank phishing kit

Phishing kits – used by miscreants to build webpages that steal victims' personal information and money by masquerading as legit websites – harbor vulnerabilities that can be exploited by other miscreants to pilfer freshly stolen data. It's not far off burglars breaking into a mafia den to steal loot swiped just hours earlier …

  1. Shadow Systems Silver badge

    Crime doesn't pay?

    That's odd, those politicians seem to be rolling in the stuff.

    (Do I really need the sarcasm tag?)

    1. Mark 85 Silver badge

      Re: Crime doesn't pay?

      No honor among thieves also seems to be the operating mode for many politicians also.

  2. joeW Silver badge

    The real Criminal Activity...

    ...being the use of PHP.

  3. Hermann

    Crime doesn't pay

    > Larry Cashdollar

    Living up to his name

    1. Nick Kew
      Coat

      Is it April 1st again?

      But surely, his name is a phishing attack?

  4. Blazde
    Facepalm

    Yo dawg

    I heard you like insecure code..

  5. Anonymous Coward
    Anonymous Coward

    Honor among thieves?

  6. adnim

    confused

    "Many phishing kit developers have a background in application security, and chase bugs like these for money and notoriety."

    Yet they write insecure phishing kits like the ones lifted from GitHub?

    Is this on purpose so they can feed of the copy/paster clueless?

    Just a thought

    1. A random security guy Bronze badge

      Re: confused

      They could be leaving backdoors or maybe writing water-tight code is a different art form?

  7. veti Silver badge

    Criminals have PHBs too

    And they're just as clueless as their commercial counterparts.

    So there's an underling coder who knows (1) that his boss isn't going to rigorously review the code, (2) that his boss is a criminal, and therefore (3) his own long-term job prospects aren't great. Why wouldn't they insert some extra backdoors in the code, so that they can continue to profit from it after they bail from the current gig?

  8. A random security guy Bronze badge

    Good hackers aren't always good coders ...

    The two types are diametrically opposite even though A secure coder has a healthy respect for hackers and vice versa. But in my years, I never found a good white hat hacker to actually produce beautiful and secure code. They are very good at breaking things. I like it that way since they don't have a stake in building something secure, they don't have a bias. Any opinions? Maybe my data set is too small.

    1. veti Silver badge

      Re: Good hackers aren't always good coders ...

      I agree. In the same way, good coders don't generally make good testers, or vice versa.

      Breaking things is a fundamentally different skill from making things.

      1. ChrisElvidge

        Re: Good hackers aren't always good coders ...

        "Breaking things is a fundamentally different skill from making things."

        Viz: Uber, Facebook, Google etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020