Tuesday, July 25, 2017
So, a young, concern citizen finds a major bug in a public transportation authority's web site that could cost it millions in lost revenue. He reports it. What does the organization do? It swears out a warrant for the citizen's arrest. How dumb is that? Were the authority any other entity, it would have at least thanked the young man for uncovering it and maybe, even compensated him for discovering it. But no. The organization trumpeted the capture of a hacker at a press conference and declared its system to be secure. Outraged hackers have now attacked the authority's web site for real and discovered holes, which they are publishing on the internet. It didn't have to be this way, but for a stupid decision in the first place. The transportation authority must be filled with bureaucrats who have little familiarity with the web. They are learning the hard way.