My money is on incompetence, as this was obviously something people could find by just looking. IMO incompetence is worse because while intent can be fixed pretty fast if needed, incompetence cannot.
It is also a pretty good indicator for the sad state of practical IT when a security element (!) does not even manage to get something as basic as certificate verification right.
Incompetence or malicious intent? (Score:3)
My money is on incompetence, as this was obviously something people could find by just looking. IMO incompetence is worse because while intent can be fixed pretty fast if needed, incompetence cannot.
It is also a pretty good indicator for the sad state of practical IT when a security element (!) does not even manage to get something as basic as certificate verification right.
Re: Incompetence or malicious intent? (Score:2)
What do you want to bet an outsourced or h1b1 employee with no experience implemented this as a cost saving measure.
Talented security professionals are expensive