Demolishun 19204 178d
Those dumb mother fuckers better not try and blame you.
Hazarth 5778 178d
Dropping the token lifetime isn't the solution, how did it leak in the first place? MitM I hope? In which case there's not much you can do with it. If the network is compromised then even a 5-second token is a threat, just more spaced out, but not by much.
Why is the card returned before payment?! That's your real issue...
The other is obviously the network, not HTTPS? Or what?
The gift card returns before the transaction completes bc that thing that managers love: priority shifting. They said they knew, but other things always were more important (in 3 years of existence).
If they're inside the network? We don't know. Their API is a black box, I can't run it locally and deploys to dev environment are made by hand by one of their "IT" guys. The same happens with their infrastructure, no logs, no monitoring...
It may have leaked by: people running a scam and agreeing to receive some money for giving their credentials, or the attacker has access to the database.
ars11790 178d
What a trainwreck