I wish the people who have knowledge of implementing these things would come forward with a leak of some sort. Surely, somewhere there are citizens of this type, right?
Knowing that there is a vulnerability might motivate them to look for it, but given the size of the software, I doubt they'll be able to find it without knowing more.
You'd be surprised; on Windows, at least, there are people who reverse engineer the security patches from Microsoft in order to determine the initial vulnerability[1].
Because there are enough people running Windows who haven't applied the patch that figuring out how to exploit it is a worthwhile undertaking.
Then again, IME of many years as a PostgreSQL DBA, the vast, overwhelming majority of postgres shops aren't running anywhere near the latest release, so depending on how far back this vulnerability goes, there could be a very large number of exploitable targets...
The knowledge may also motivate them to prepare for attacks to be executed once the vulnerability is public but most instances do not have it patched. Scan the Internet for PG backed applications, identify high profile ones, prepare automatic scripts, etc.
Probably because they were the ones who royally screwed up in the first place, disclosing tons of customer details to literally anyone who wanted it (including automatic web spiders), and nobody from AT&T is going to spend a day in jail or pay restitution for that.
Precisely that. Sure, he made a mistake, but so did AT&T, and now because of it he's potentially going to spend 41 months of his life in jail. Life is too short as it is.
I can see where you're coming from saying something like that... But it is a mistake in my eyes. It was an unwise decision that he probably would not have made had he known he faced 3+ years in prison.
That being said, this guy is obviously not a saint. I don't want to sound like I'm defending his affiliation with GNAA or the fact that he went to Gawker with it.
If it had been someone who gives to the community, is polite, and respectful, and instead had gone to the NYT or another publication, they still could lose 3+ years of their life. To a mistake.
Yeah, he banged on the keyboard and made a typo and accidentally fell into a 100K of AT&T user records, and then he turned and these records stuck to him and then when he was trying to get rid of them they accidentally fell on Gawker. That's how it happened, judge, and if you don't believe it you must be bought by AT&T.
For anyone looking for an invite to Simple, I've got three available. Shoot me an e-mail (in profile).
I've been using Simple for the past 6 months and I've got to say I don't miss my brick and mortar bank one second. These guys are the perfect example of doing it right.
Just out of curiosity, what's the big deal? I received an invite but was reluctant to sign up because there is an "inactivity fee". As far as I can tell it's just an online bank?
> I received an invite but was reluctant to sign up because there is an "inactivity fee"
From their site: "After 180 days (6 months) of inactivity, we charge a $5 monthly fee to avoid escheatment,..."
I think if you were to switch to Simple it would be very rare to not use your card for 180 days, but that's just my 2 cents. But yeah, I wouldn't switch to only have an "extra account" that would eventually hit that 180 day inactivity time.
Better account planning (with Safe-to-Spend + goals), excellent UI, instant report generation using searches, humongous network of free ATMs.
The inactivity fee takes a long time to kick in--we're talking a year of not posting any transactions to your account. Their customer support is very open about it.