Reply to post: There are *no* shortcuts if you want full privacy and security.

US-Cert alert! Thanks to a massive bug, VPN now stands for 'Vigorously Pwned Nodes'

John Smith 19 Gold badge
FAIL

There are *no* shortcuts if you want full privacy and security.

I doubt "Should we encrypt the session cookies" was even a question at these companies.

I'd guess the chain of "logic" the developer(s) would have gone something like this

"Almost no one knows what these are, so on one will look for them and beside, they are on the end users machine"

Forgetting that "Almost no one" would include any competent Black hat on the planet.

Good developers would have this on their "Stuff not to do when developing a security application" checklist.

Bad developers don't have a checklist to start with. Part of what makes them bad developers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021