
There was actually a high-profile incident not too long ago with one of the big banks' online banking system. Users could view other people's account information just by incrementing an integer in the URL as I recall. It's not necessarily so much that banks are secure, but hacking them is much riskier than hacking Bitcoin sites, especially for white-hats.


Are you thinking of Heroku? Heroku isn't a bank.


It was probably Santander: http://www.h-online.com/security/news/item/Santander-s-onlin..., though there have been other instances of bad bank web practices.


Putting plaintext passwords in a cookie doesn't sound anything like incrementing an integer in a URL.



