Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Let's not blame the victims entirely, sometimes they just don't understand modern technology
I'm torn on this and being a cybersecurity engineer....
I guess it does depend on the situation but I do have zero tolerance for people who apply (very) weak security to accounts which also contain data from other people.
Calm your titties.
@linuxxx @alexbrooklyn they don't have to understand, it's our job as developers to make it easy. if they see a lock on their browser and see the domain is correct, they know it's secure, because we, the developers say that means its secure. they don't know their os/browser has registered ca's certificate, the browser checks the signature, and sends an encrypted aes key if it's a legit certificate.
but in this case, they entered sensitive credentials into a website they know is not legitimate.
@linuxxx yeah but i also said the domain is correct too, which means is actually the website if their private key is kept private.
if you're talking about if the website is secure, as in the server itself, that's hard to determine. this is an AMERICAN public education website, that means java server pages and about 2738583 3rd party services, so it's probably not secure.
@alexbrooklyn no see, this isn't a phishing scheme, or even stupidity. this is kids knowingly giving their credentials to an illegitimate site. if they see a lock with the correct domain, they know it's legitimate. this is different. it's a website saying it's not affiliated and will get you your scores early. it is completely illegitimate and kids knowingly gave their credentials away to it. it's like giving someone a key to your house for them to check the mail you just received.