> and they "can't" change it because it was hard coded throughout their products.

Worst-case scenario, have they never heard of find/replace? Specifically, "sed" will find and replace text across the whole data set. Of course, it's a poor solution compared to doing it properly, but surely better than leaving the default password across every single production "product" they sell.

> How do they find customers? Care to name the shame? Whistleblower and all that ...

I am actually liking the idea of having some sort of whistleblower-type site, where workers can anonymously name and shame company products that are this bad. However, you would have to find a way to stop companies falsely bad-mouthing each other's products on the site, as well as disgruntled ex-workers.

Saying that, if someone says the app is crap because it uses the default MySQL password everywhere, it is easy to test that, so I guess having only "verified problems" listed could possibly work.

