So we outsourced a system.
It was the most stupid thing we could've done.
It's my job to make it fucking work.

  • 2
    Just... Why...
  • 16
    @struks93 common hacker trick to brute force logins using timings... If it takes longer to check a password hash on an existing account than it does for one which doesn't exist (same with locked out accounts) then they know it is a valid login account and they can then force the password
  • 2
    @rob4001 That I didn't know! Though I'm telling you, it's shitty code ;)
  • 3
    They could've gone for a little less CPU intensive approach. Something like a simple sleep(); :-)
  • 3
    @gerritman123 depends on the use case but in general it is best to actually perform the action you are trying to emulate (speed wise) as a sleep could be as easily detectable as doing nothing... Thread sleep overhead and all
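
The approach discussed in the comments above, sketched as an added example (not the outsourced code from the post): the login check runs the same password hash whether the account exists, is locked, or is unknown, instead of sleeping. The user store, account names, PBKDF2 work factor and the `HASH_CALLS` counter are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
HASH_CALLS = 0        # instrumentation: counts expensive hash computations


def _hash(password: str, salt: bytes) -> bytes:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str, locked: bool = False) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "locked": locked}


# Constructed sample user store (hypothetical accounts).
USERS = {
    "alice": make_record("correct horse"),
    "bob": make_record("hunter2", locked=True),
}

# Dummy record verified when the account does not exist, so the
# unknown-user path costs the same hash as the known-user path.
DUMMY = make_record(os.urandom(16).hex())


def login(username: str, password: str) -> bool:
    record = USERS.get(username, DUMMY)
    # The real hash is always computed, never emulated with a sleep.
    candidate = _hash(password, record["salt"])
    # Constant-time comparison, executed on every path.
    matches = hmac.compare_digest(candidate, record["hash"])
    # Existence and lock state are applied only after the full hash ran,
    # and every failure returns the same value.
    return matches and username in USERS and not record["locked"]


def hash_calls_for(username: str, password: str) -> int:
    """Return how many expensive hashes one login attempt performed."""
    before = HASH_CALLS
    login(username, password)
    return HASH_CALLS - before
```
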