> A few hours later, MasterCard acknowledged the mistake, but said there was never any real threat to the security of its operations.
> “We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote. “This typo has now been corrected.”
Always the same. These statements make my blood boil.
Their thinking is .. one hand if we ack the problem we risk losing millions in share value. If we deny, a bunch of nerds will whine a bit more.
Without a proof of compromise, sadly it's difficult to force. With a proof of compromise, you're going to jail.
loading story #42805136
Yeah. What they really mean is "we talked to a clueless drone in our IT department, who had a personal incentive not to find any exposure, and that person couldn't think of a way to exploit it in 15 seconds".
If you actually know what you're talking about, you basically never feel safe enough to categorically say that something can't be exploited.