  • Fristo (unregistered)

    Pisto

  • chreng (unregistered)

    So this ingenious ban solved the problem with using F12 in other browsers too?

  • chromer (unregistered)

    If Chrome is outlawed only outlaws will have chrome!

  • DocMonster (nodebb)

    Ah clueless management. I never did understand how people get to executive positions without knowing like the basics of anything. Like, any idiot who did even 20 seconds of research would see that A) Viewing source is common to every browser and B) Unless you're a dumbass and put business logic in JavaScript (wait a second...) nobody can glean anything of value from your site anyways, and C) Even if they modified the source to say enable a submit button when it should be disabled, you should have server-side checks as well to make sure things like that on the client can't defeat actual security.

    But no. These supposedly experienced managers, with many years or often decades in management, go dumb as a box of rocks apparently. gasp He said this is a SECURITY breach! We can't have that! No more using this clearly insecure hacker's browser! That will fix the problem!

    I just don't get it. Why do people go stupid when they get to be managers and are seemingly no longer capable of rational thought? I always imagine a room full of like geriatric old people in wheelchairs who just don't get any of this newfangled stuff. "What's that, sonny? Web browser, you say? Why would I want to look at a spiderweb? Is it made from the Chinky silk?" and so on.

  • Brian (unregistered)

    It's the perfect management response: "Look here! There's a problem!" "We will solve the problem by no longer looking there."

  • Ulysses (unregistered) in reply to DocMonster

    The world is chock full of idiots and idiotic practices like nepotism. No PHB ever had to shed any gray matter. Rather, ever had any gray matter to shed.

  • MaxArt (unregistered)

    Now, everyone should wonder how many bugs and security breaches that could be discovered with a simple "hacker browser" Charlie let pass.

  • UndergroundCode (nodebb)

    Clearly the developers should file security bugs on all other web browsers as well for their own Dev Tools features. Then the company will have to shut down because no web browser is secure enough.

  • Zenith (unregistered) in reply to DocMonster

    Not siding with management here but haven't you ever worked with anybody who did business logic in JavaScript and didn't have any kind of server-side checks? I can't even look at development job postings anymore without suffering the software industry's equivalent to PTSD flashbacks.

  • white knight (unregistered)

    It gives me such a good feeling that the "tech lead" (and the only person who has the decency not to laugh about the poor guy) is (of course) female.

  • Herby (unregistered)

    One needs to get proactive on this. File bug reports against Firefox and Internet Exploder as well. Then you don't need to do ANY testing.

  • I dunno LOL ¯\(°_o)/¯ (unregistered)

    "I lifted the hood of my car and there's an ENGINE under there! You could put your hand in there and get hurt or something!"

  • Robin Bobcat (unregistered) in reply to I dunno LOL ¯\(°_o)/¯

    Hurt, nothing! You could learn how the whole engine works, and build your own! Before you know it, folks are selling pirated automobiles on the internets and the car economy tanks!

  • im not even in QA (unregistered) in reply to DocMonster

    "Even if they modified the source to say enable a submit button when it should be disabled, you should have server-side checks as well to make sure things like that on the client can't defeat actual security."

    You would think so, yeah. Not always. Even in systems that cost tens of millions of dollars to develop.

    I speak from experience.

  • Jerry Kindall (unregistered) in reply to Robin Bobcat

    Your idea of "car economy tanks" intrigues me and I wish to subscribe to your newsletter. How expensive would these tanks be? Affordable enough to afford one for myself? I have always wanted to drive a tank. If it was also a car, and economical, that would practically make my decision for me! Especially if I could download one from the Internet.

  • Barf 4Eva (unregistered)

    Reminds me of that IT Crowd episode where the two devs give their boss "the internet", which is simply some small box with a blinking red light on the top, to see how she would crash and burn in a manager's meeting. Instead of looking like a fool, everyone in management was watching in amazement this "internet in a box"... until it dropped on the floor and broke, causing all of management to run from the room screaming... And the two devs to look at each other w/ that WTF expression.

  • Jeff Grigg (unregistered) in reply to im not even in QA

    But... Are you suggesting that preventing anyone in the company from testing in the Chrome browser will protect the company in any way from their ignorant lack of server side validation?

    Oh; I guess that management could "solve" that problem by including "our product does not support Chrome" somewhere in the documentation.

    ;->

Leave a comment on “Best of 2016: The Website Hacker”
