Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

but they have bank-level encryption!


I once submitted a bug report to my bank, through 3rd party that they had hired to administer their bug bounty program. The 3rd perty determined that it was a pretty high severity issue, because the setting to require a password could be disabled without entering a password. The bank closed it as works as intended, because they had only meant for the password to be optional, out of convenience.

I gues this is in line with their normal practices, as they were unable to issue me a debit card that only works with a PIN, and can only issue cards where the PIN is optional.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: