BFL's site is incredibly amateur...

[Phinnaeus Gage]

I agree, it's the responsibility of the designer/programmer.  I am displeased with this and will be investigating it going forward.  Sometimes it feels like I have to do everything myself.

The guy claims to do everything, but denies being the Project Manager, even though BFL doesn't officially have one, with him being the COO taking up that role.

I fed your chicken, Jody.
Sonny, I let the gardener go home early, therefore I'll finish planting the flowers.
I'll get that pallet, Dave.
This is the way we mop the floors, mop the floors, mop the floors...
"Cocksucker!" I love answering the emails.
"Any questions, folks, before we end the daily tour at BFL?"
"Acme Components? Yes, we would like to double our order. Make that 40 resisters, 10 power packs..."
So many anniversaries this month, luckily they have me in charge of the party supplies.
"Therefore, Bob, if you cancel your order, you'll lose your place in the queue. Do you really want to cancel, for we is about to ship. Honest Abe! Fine, and for not canceling we're sending you a 10% off coupon to offset the next price increase." Click! "Fuckin' cocksucker!"
Note to self: Make sure there's no known anomalies on the website today.
"One, two, three, four, five... I love counting fans in the warehouse."
Shoutbox: I confirm that bet.
Twitter: I AND BFL confirm our bets.
BT: It's a bet.
BFL Forum: That is why we bet...
Bum on the street: Sorry, bud. I gave my last real money at CES to some dude with a camera.
All my bags are pack, and I'm on the road again, (different song-->) https://www.youtube.com/watch?v=-cfc3rCQOuU

[sgbett]

sense disagree with mope-pr. ALERT! seek clarification?

are you saying its good practice to out people's security vulnerabilities without contacting them first?

I can appreciate the theoretical outlook you're coming from. Here's what happens when you try to contact idiots first: http://www.google.com/search?q=bitdaytrade+reddit

Look through the posts there, you have actually competent people trying to talk the guy into safety and some strutting imbecile puffing a lot of smoke about the imaginary experts he's hired, the imaginary expertise he has and on and on.

Thus I can certainly appreciate the practical outlook of warning the community first. I guess in the end it all comes down to a judgement call. Did the OP think the failed site is administered by sane people likely to take appropiate measures in a timely and effective manner, or did the OP think the failed site is a scam run by patent liars (Vleisides, Zerlan etc)?

Yes I certainly agree its a tough call between protecting the innocent, and tarring and feathering incompetent admins into taking action.

I think the way that guy did it was better, "you register, ill show you I can get your pw hash" a good mix of publicly outing them, without actually posting the vulnerability itself letter by letter.

(also sorry for MPOE typo on my previous post... autocorrect :/  )

Maybe my opinion is coloured by me having an outstanding order with BFL, but I'm still giving them the benefit of the doubt, in that I understand what they are doing is hard. Maybe that makes me a sucker, time will tell, and if I do lose that money well that will be another one to chalk up to experience. I'm not so naive as to think that every btc 'investment' I make is gonna pay out. Anyway I think thats a different subject!

Me I'd have contacted them at first, and *then* when they didn't do anything start escalating.