
Unfortunately, that cyclone may not be as easy to get past. Yes, people won't forever care about phpFog. However, if phpFog (which was at least PARTIALLY at fault here) presses charges, that's a criminal record and will come up on every background check for the rest of his life. This affects job opportunities, visa opportunities, loans (not to mention lawyer debt from fighting it), hell even insurance prices.

What the kids did was bad, but I think pressing charges and seriously hindering two smart sixteen-year-olds is a knee-jerk, over-zealous application of law and retaliation/punishment. Especially (I know I'm going to draw a lot of heat for this) when they found THEIR irresponsible storage of sensitive data.

I am a dev. I have also worked in the computer security field for a reputable firm. What phpFog did was irresponsible (actually, stupid!) and it was relatively easily avoidable. I know this because I (along with pretty much every dev) have used the exact stopgaps and quick-fixes that phpFog did. BUT (big lesson) cleaning up after yourself is as much a part of programming as putting those quick-fixes in place. Unfortunately, it's not the "fun" part and it's not the most obvious money maker.

Like they (pretty much) said, phpFog put off the fixes because they wanted to deliver quickly. That's THEIR decision and THEIR risk/reward assessment. I've made the same assessments in my work. They should suck it up and learn the lesson. Not hurt little kids. They're lucky it was found by these kids and not someone that knows how to conceal their identities and/or wants to do more serious damage (for example, hurting a phpFog client).

If I knew some dev at my hosting company was keeping system passwords on a web server, they wouldn't be my hosting company. What about the trust/confidence of the clients that phpFog was knowingly betraying?

Edit: Yes, there is a proper way to disclose information. They're kids. I'm surprised they handled it as well as they did to be honest. I was a much dumber 16-year-old.



