Security Company Says NASDAQ Waited Two Weeks To Fix XSS Flaw
alphadogg writes "A Swiss security company said the NASDAQ website had a serious cross-site scripting vulnerability for two weeks before being fixed on Monday, despite earlier warnings. Ilia Kolochenko, CEO of the Geneva-based penetration testing company High-Tech Bridge, said he repeatedly emailed NASDAQ and warned of the XSS flaw. 'I can basically say I have spammed them,' Kolochenko said in an interview. A NASDAQ spokesman did not have immediate comment. NASDAQ.com lets users create accounts and build a profile to monitor stocks and news."
Very difficult. (Score:4, Funny)
Penetration testing company (Score:0, Funny)
Butt-Head: Huh huh, you said penetration.
Beavis: I'd love to work at that place!
Re:How about the real story today? (Score:2, Funny)
Just remember, NASDAQ runs on Windows on days when things go wrong (it runs Linux during the rest of the week).
Re:good process is not trivial (Score:5, Funny)
In reality,
Dev gets email, updates code, posts to live website.
He's just 3 weeks behind on email.