Naked Magnus wrote:
mattwhite924 wrote:
They didn't encrypt the passwords!? Who the heck is running that site, a 4-year-old?
There is absolutely NO excuse for not encrypting passwords.
That is correct. I am a professional software developer and have a master's degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hack job by today's standards. Nobody uses ColdFusion anymore. I used to, but that was in 2002.
I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.
It isn't hard to encrypt passwords. Either they are too lazy or their developers are complete idiots. It is completely trivial nowadays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.
Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.
I have a degree in Network Security and management and I see so much that is wrong with how the website was set up. I know that letting an outside company handle commerce can get expensive if you aren't making a lot of sales to support the cost.
What I see is just a lack of security and thinking. They thought no one would hack them, which of course is foolish thinking. For some reason, the way the ordering page was set up, it felt like I was ordering from a company back in the late '90s.
As far as them accepting full responsibility, they can't. Technically, because the breach is well known and has caused problems for people, they are on the hook. However, FunPub is no Sony; this hack job could ruin them, and probably for good. I just better get what I paid for before that happens.