45
Kyu96
6y

Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with Wireshark. I told him that this is a severe issue. He said no, it's no problem, because if you get hacked it's your own fault, because you probably used an insecure network. NO! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USER DATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing, but then acting like it's no problem is a fucking nother one. Why do people not understand that security of user data is important???

Comments
  • 41
    Write an automated script to sniff his credentials, log in to his account, and announce that he is an idiot and will fix the cleartext issue.

    Watch him change his password and have it happen again and again. Laugh conspicuously.
  • 17
    Rooting for Root's suggestion
  • 4
    Please, please, do it and shove his own password in his face over and over again.
  • 4
    "YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION"...Just a moment of silence for how awesomely badass that was. *salute*
  • 2
    He is right. Guess why browsers warn when you log in at an http page.
  • 3
    @Fast-Nop Well, that's why you immediately redirect all traffic to the HTTPS site and never provide a login form through an unencrypted connection.
  • 1
    @ethernetzero Correct, but the browser-side application itself doesn't encrypt and relies on network encryption instead.

    It wouldn't even be good if every browser application started encrypting itself because that would get tons of security holes. Crypto is not only hard to design, it's also hard to implement correctly.
  • 2
    @Fast-Nop What you're saying is right and I agree with you, but we both are assuming things from the OP that he hasn't really said. Until he clarifies if he was talking about using TLS connections and the other guy was referring to “insecure networks” as public WiFi networks or something like that, we don't really know the whole of the story.

    Heck, we don't even know for sure if it's a web application.
  • 4
    @ethernetzero From the sounds of it, it's some software that requires a login on a server, and the software doesn't do end-to-end encryption.

    OP never mentioned the web, only sending login information with software unencrypted. In other words, it doesn't do anything until it hits the server, so if you use Wireshark to sniff the packet at the user, all the information is plaintext in the packet.

    That's like, if you knew nothing and learned Wireshark today, that'd be like your first lesson lol.
  • 1
    @CodeBane Yeah, it sounds like it.
  • 2
    @CodeBane You nailed it, pretty much