If Agora is so focused on security, why didn't they already have basic CSRF protection after over a year in beta?


Comments


[5 Points] _TROLL:

Because they assume their users possess computer savvy higher than that of an average 3rd-grader, and know to enable NoScript and certainly not to click on random links offered by random nobodies in random PMs.

Bad assumption, it would appear.

At a certain level of stupidity, I'm sorry but it's wholly the user's fault. Agora should not have to "baby-proof" their site because some idiot sees a shiny object like the phishing link and can't resist clicking it. Bravo to the hacker for taking advantage of said idiots, but even minimal common-sense security measures would have reduced his total take to zero dollars.


[2 Points] theevoinsider:

When people talk about Agora being security conscious they are referring to keeping themselves safe, not some retards.


[1 Points] CocaineNose:

Synchronizer tokens at least. Find it hard to believe they didn't.


[1 Points] HappySodomy:

beta

There is your answer. That and as many others have said, "Baby's first PHP project" among other things.


[0 Points] Kazaa99:

It's basically because Agora is not coded by skilled persons, and they probably don't know what the word CSRF means.

The staff should have millions by now, but since they are still going and not doing much work on the actual site, it's a good guess that it has been hacked a few times, making them start earning from scratch.


[-1 Points] KimJongUntouchable:

Because like SR1 the site was built by amateur developers, not experts.
You'll see that this is true when they get arrested and the inner workings are detailed for the world to see.