Wheedle using Labour Party coders?

News is breaking that the unfortunate and hapless first start at Wheedle.co.nz has been followed up on day two with some major security breaches, including:

- the ability for bidders to change a seller’s reserve (maybe it’s a feature?)
- unencrypted passwords being emailed to users who wish to reset their password

This is a commercial version of the Whaleoil scoop from last year, when I discovered the Labour Party had unencrypted access to their database through a website of theirs. Not only that, credit card information was put at risk, as was their entire email database. They blamed me for hacking, when in fact there was no hacking involved – just utterly inept website coding and an utterly contemptuous approach to security and protecting the information of others. They were more interested in attacking Pansy Wong than doing things properly. (The website with the open front door was an attack website about Pansy and her husband, which is how I found the breach in the first place).

It is alleged that Wheedle’s website is insecure because they paid peanuts for Indian coders who were sloppy.

It is far more likely that Wheedle have been using Labour Party coders.

  • davidp

    IT security commentator Troy Hunt has been tackling Tesco supermarkets in the UK about their identical non-hashed password issue. The link gives some background information on why this is such a huge security issue, and why no competent developer should make the mistakes that Tesco and Wheedle have made.

    http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html

  • Michael

    They had one chance to launch and build confidence – and they blew it. Wheedle is dead, how long will people hug the corpse?

  • Annabel

    They should just hire you

  • Spiker

    Long thread at geekzone over the last few days about the poor job they’ve done.

    http://www.geekzone.co.nz/forums.asp?forumid=48&topicid=109817&page_no=1

  • WayneO

    Dead and buried. Game over. Brand damage irrecoverable. All within 2 days. Epic, epic fail.

    Next time employ a reputable and local software testing house. Any IT guru knows that is standard practice.

  • Johnboy

    Did Lynn get a real job for two days then?

  • Slijmbal

    “It is alleged that Wheedle’s website is insecure because they paid peanuts for Indian coders who were sloppy.”

    I’m in the industry and have seen very few Indian sourcing projects work – the issue is huge cultural differences between NZ and India in management and control – if it’s a huge project with huge screeds of detailed specifications then the < $50 an hour you pay for their coders actually works. However, the moment you do anything innovative or requiring speed or self-direction it falls apart.

    It's well known that 5 good developers beat 20 average and 40 mediocre.

  • MrV

    NZ media seems oddly passionate about second hand goods websites?

  • noobsaibot

    Serves him right for trying to get the site built on the cheap, although there are plenty of terrible NZ developers, i.e. the people behind Novopay.
