
It's easy to hate on big companies. But can we just applaud Cox for having patched this within a day? That's incredible.



To be honest I would be very surprised if this was Cox as an organization and not just one or two very passionate workers who understood the severity of the issue and stayed after hours fixing it for free.


That was the most shocking part of the entire article! Unfortunate this vuln existed but clearly engineers there have enough teeth to get stuff done.


Agreed. Bugs happen, bug fixes don’t always happen (especially quickly).

That being said, we could all do with a bit more input sanitization, and I hope Cox learned their lesson here.


Seems more like a configuration error. Load balancer balancing over a few hosts, one of them misconfigured. Most likely over 2 hosts given the 50/50 success ratio of the intruder test. If that’s the case then it’s easy to fix in such a timeframe.



