Actually it was forced, there were dozens of SQL injections and the entire API was vulnerable to CSRF...
Interesting. How do you know he experienced SQL injections? Are you talking about SQL injection vulnerabilities, or actual SQL injection attempts?
There were some threads on reddit.
Several self-claimed security experts were posting there in a rather demanding and assertive tone.
They claimed that the site is littered with tons of beginner errors. When dissecting the posts and cutting away all that vanity and self-approval (which isn't untypical for these kinds of guys -- we know, we need to pay them some respect)
-- then at least some facts were discovered, like a mechanism to gain other accounts' passwords, and a mechanism which would allow one to get at the source code via the web.
Shortly thereafter, a business political quarrel unfolded, which had seemingly already been going on behind the scenes for some time. The author and initiator of bitdaytrade was seemingly cooperating earlier this year with the guys behind Kronos.io and zipconf, and they parted in dissent. The latter ones announced semi-publicly that they would do everything possible to hinder and block bitdaytrade. In the light of this information, it looks likely that the "uncovering" of these security holes was an orchestrated action.
Any serious IT professional would discuss such security holes in private with the operators first, instead of yelling in an unrelated public forum.
I have a hard time understanding why people who seem uneducated about computer security would want to develop an online bitcoin trading site. I would think the numerous hacks would work as a deterrent of some sort.
I sure as hell wouldn't open a site without some serious studying of these various vulnerabilities.
Well, speaking as a developer here, security can be a tricky matter. Today's web development frameworks are especially made to ease the process of creating web sites to the point where everyone and my grandmother can hack together an online business in 3 days. To build exactly the same service to even average professional standards and with a semi-hardened setup and serious testing would require lots of additional expertise and about 20 times the effort (two months instead of 3 days), to start with.
This is a well-known and frequently discussed dilemma. People working in the industry and trying to keep up some kind of craftsmanship see themselves put under pressure by their bosses all the time ("hey, what are you toying around, my 15-year-old son hacks together that crap in 3 days!"). Even large-scale companies fall for the temptation to make additional money by reducing time-to-market.