"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time. It's really hard to go back and fix the security around it because security wasn't built into it. We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself ... everything from hacking someone's computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names--first name, last name--locations. When you look at the site itself, it could be really good. It could do really well. They're just not building the security into the site itself. Putting your information on there is definitely a risk."
-- David Kennedy, chief executive of TrustedSec
"There's not a plan to fix this that meets the sniff test of being reasonable."
-- Morgan Wright, CEO of Crowd Sourced Investigations
For the full story, go here.
