> What can we learn from this?
>
> The developer uses VI/VIM.
> Make sure to test your code before going to production.
> never rely on obscurity alone for your security….
>
A breach would imply that an attacker used the vulnerability and compromised their systems, which I don't think was the case; however, I didn't read a whole lot about this issue.

Who in their right mind would use VI/VIM for doing actual development? It's an editor, and its use in development for anything beyond writing or editing simple scripts is just not smart. If the developer were using an actual IDE he would have seen the beginning line underlined in red indicating a syntax error. The IDE would have alerted them to the fact there was a problem and it wouldn't have made it into production in the first place. That's one takeaway Tumblr should be thinking about.

--
*Nathan Hamiel*
http://hexsec.com
http://twitter.com/nathanhamiel
blog: www.neohaxor.org

