(un)Security through transparency

There’s always much talk about systems which are insecure by default. The usual point being made is that a not-so-tech-savvy or uninformed user will be running an insecure setup without ever noticing. But what of the (supposedly) tech-savvy people that offer their skills as a service?

### Incompetence as a service

Hosting services are definitely not known for staying on the bleeding edge of software. In fact, they’re not known for staying up to date either. But running a PHP version from 2009 while also proudly delivering a


x-powered-by $php-version-from-2009

header to every GET request is something new entirely. It gets even better: when you call the helpdesk and complain about it they
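A check a site owner could run against their own host's responses to catch the banner described above. This is an added example, not code from the original post; the sample response, the `PHP/5.2.9` value standing in for the post's placeholder, and the `MIN_SUPPORTED_PHP` threshold are assumptions made for illustration.

```python
import re

# Response headers that commonly carry a product/version banner.
BANNER_HEADERS = ("x-powered-by", "server")
# Assumption for this example: PHP below this major.minor counts as unsupported.
MIN_SUPPORTED_PHP = (8, 1)
# Matches "Product/1.2.3" tokens such as "PHP/5.2.9".
BANNER_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")

# Constructed sample response; the version is a stand-in for the post's placeholder.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.2.9\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def audit_headers(raw_response):
    """Return (header, product, version, finding) for each version banner."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or name not in BANNER_HEADERS:
            continue
        for product, version in BANNER_RE.findall(value):
            finding = "version disclosed"
            if product.lower() == "php":
                major_minor = tuple(int(p) for p in version.split("."))[:2]
                if major_minor < MIN_SUPPORTED_PHP:
                    finding = "version disclosed, unsupported PHP"
            findings.append((name, product, version, finding))
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
```

In PHP the `X-Powered-By` banner is controlled by the `expose_php` directive in `php.ini`. Turning it off only hides the symptom; the outdated interpreter still has to be upgraded.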

### Rolling your own

As a conclusion,

