Quote:
Originally Posted by ItsNotLupus
I still think it is odd this leak was there with the new client and all.
I mean, they are developing a new client right? Security is a very important chapter of writing a new client. Yet Cake choose for this outdated algorithm? What is up with that? It isnt just there, somebody decided to put it into the new client. And decided so quite recently.
My opinion: This just means that Cake does not have high regard for player security in its corporate culture. Reinforced by their website asking for logins on unsecured pages and by porting the "secure protocol" over to their upcoming beta version, I think it indicates a general disregard for security, rather than some programmer taking a shortcut.
The fact that Cake has not very visibly fired anyone over this simply proves people were acting according to the expectations of higher-ups all along. This
is most certainly something to fire someone over: Head of "security", head of IT, lead programmers, CEO, COO, CIO, CTO, the list goes on of the number of people who could have and should have caught this (or ordered an independent audit to catch stuff just like this). I think one of the people
least responsible is Lee. He is just the public face for the site. The heavy lifting, the planning, the security precautions, the technical expertise, all of that stuff is handled day in and day out by other people who know better.
The moron inside Cake who took the decision to re-implement or port (or authorized it) over a broken encryption protocol t the new client version without kicking and screaming to everyone is one who would be sacked immediately. As well as anyone who either okayed the implementation or who failed to disclose it internally.
Anyway, I think Cereus handled it much better, but Cereus had practice in dealing with public crises; and Cake did not. They are learning right now that sometimes it's better to accept responsibility and just fix it and not waste time placing blame on anyone else.
But the clock is running, let's see how quickly Cake can fix things. They did fix the web site SSL problem quickly; how long it takes them to fix the client protocol will be a reflection of their technical expertise and the quality of their code.
Last edited by oldspeedy; 07-30-2010 at 01:49 PM.