Dropbox Password Goof Let Any Password Work For 4 Hours 185
Posted
by
timothy
from the you'll-find-we're-very-open-minded. dept.
from the you'll-find-we're-very-open-minded. dept.
tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."
Re:Regression testing (Score:5, Funny)
This is why automated regression testing is a best practice. I guess Dropbox don't test their authentication.
That would be so oldschool. We do agile development now, and the user is the tester once the unit-tests pass.
</sarcasm>
Relax, it was only 4 hours. (Score:5, Funny)
Relax Mr. President, We only let our enemy control our nuclear arsenal for four hours
Relax Japan, we have enough battery backup for the cooling system for four hours
Relax Gulf Residents, it's only been spilling oil for four hours
Relax Public, the serial killer has only been escaped for four hours
Relax Columbine Parents, the killing spree and stand off only lasted for four hours
Re:Regression testing (Score:5, Funny)
Re:Regression testing (Score:2, Funny)
snap!
The Most Interesting Developer In The World (Score:5, Funny)
I don't test my code. But when I do, I do it in Production,