Originally Posted by
frank_poulankh
Worryingly, I've had firsthand experience of software developers from the big consultancies employing similar (and, in some cases, even more insecure) techniques.
You'd hope not, but I guess it might not be that surprising!
The interesting thing will for sure be finding out how they got that JS file up onto the main site domain... it's a bit different to the Ticketmaster hack in that respect.