This is what I don't get. Banks can secure themselves, large e-commerce sites as well. Do any of these guys run hardware security modules and use them to manage encryption of the keys?
Honestly, I am curious if the security researcher (who alerted them to this problem and then griped about lack of payment in the article) is the person responsible.
Ya know, that blog you linked to - I don't like that he's upset he didn't get a reward for his good deed. He should be just happy to do a good deed, IMHO.
Yeah, if you were expecting a reward, it's not a good deed.
I informed some BTC places of security problems a few years ago, and was roundly ignored, although they put the fixes in place, from what I recall. I wasn't upset because I wasn't expecting anything.
EDIT
Reading that page . . . depending on a URL staying secret as your security? Wow, that is asking for disaster.
I don't like to shame people who make security mistakes, but if you are an online wallet vendor, shouldn't you have some common sense?