Date: 2017-07-23
Company Gets 45,000 Bad Facebook Reviews After Teenaged Hacker's Unjust Arrest (bleepingcomputer.com)
An anonymous reader quotes BleepingComputer: Over 45,000 users have left one-star reviews on a company's Facebook page after the business reported a security researcher to police and had him arrested in the middle of the night instead of fixing a reported bug. The arrest took place this week in Hungary after an 18-year-old found a flaw in the online ticket-selling system of Budapesti Közlekedési Központ, Budapest's public transportation authority. The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price. Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price...
The teenager -- who didn't want his name revealed -- reported the issue to BKK, but the organization chose to contact the police and file a complaint, accusing the young man of hacking their systems... BKK management made a fatal mistake when they brazenly boasted in a press conference about catching the hacker and declaring their systems "secure." Since then, other security flaws in BKK's system have surfaced on Twitter. As details of the case emerged, public outrage grew against BKK and its manager Kálmán Dabóczi, especially after it was revealed that BKK was paying around $1 million per year for maintenance of its IT systems, hacked in such a ludicrously simple manner.
what would of a negative number done? (Score:2)
what would of a negative number done?
Re: (Score:2)
No, you were being a dick. Studies show grammar nazis are dicks.
Unbelievable... apk (Score:1)
See subject: The kid reported directly to the fools running the place what was wrong/exploitable & gets arrested? WTF!
APK
P.S.=> How else am I supposed to put this? apk
That's embarrassing (Score:2)
The manager(s) who authorized that embarrassment should be fired first thing tomorrow morning because they're clearly clueless bureaucrats that don't even understand their own department's responsibilities.
Devil's advocate (Score:2)
Kálmán Dabóczi, BKK, the police and
Client-side validation? (Score:2)
Surely no e-commerce site should rely on client-side validation? That seems like asking for trouble.
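The missing server-side check that the summary and the comment above describe, as an added example (not part of the original thread and not BKK's code): the first function charges whatever price the browser submits, the second takes the price from the server's own catalogue and treats a mismatched submitted price only as a tamper signal. The catalogue entries, prices, field names and function names are all constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the server's own record of ticket prices.
CATALOG = {"monthly-pass": Decimal("9500"), "single": Decimal("350")}
MAX_QTY = 10  # assumed business limit per order


class OrderRejected(Exception):
    """Raised when a submitted order fails server-side validation."""


def price_order_trusting(form):
    """'Before' form: the total is computed from the client-supplied price."""
    return Decimal(form["price"]) * int(form["qty"])


def _differs(submitted, expected):
    # An unparsable price is treated as a mismatch, not as an error.
    try:
        return Decimal(submitted) != expected
    except InvalidOperation:
        return True


def price_order_validated(form):
    """Server-side form: the price comes from CATALOG, never from the request.

    Returns (total, tampered); 'tampered' is meant for logging and alerting.
    """
    product = form.get("product")
    if product not in CATALOG:
        raise OrderRejected("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise OrderRejected("quantity is not an integer")
    # Rejects zero, negative and oversized quantities before any arithmetic.
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")
    total = CATALOG[product] * qty
    submitted = form.get("price")
    tampered = submitted is not None and _differs(submitted, CATALOG[product])
    return total, tampered
```
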
This is cute and all (Score:2)