测试一些银行柜员软件后，我打电话给技术部安排了一次拨号IP会话。“您想连接到哪个系统，生产系统还是测试系统?”

真实的故事。

人们把密码贴在公共网站上……

About 3 years ago I built a site for a somewhat large non-profit organization in our state. When it came time to deploy the application to their web host server, I noticed an odd file named "cc.txt" or something obvious like that in their public site. It was under their web root, was getting served, and was a csv file of all their donor's names, addresses, credit card numbers, expiration dates, and CVV/CVC codes. I cannot count the number of times I brought the issue up - first to my boss, then our company accountant, the client's IT director, finally the client's President. That was 3 years ago. The file is still being served, it can even be googled. And it's been updated. I tend not to respond to their donation solicitations when I get them.

你知道你一直读到一家大公司如何让他们的客户的个人身份被盗吗?(事实上，据我所知，这种情况在我身上发生过两次——一次是在我的健康保险公司，一次是在我的人寿保险公司)这通常是由于窃取了数据库备份磁带，这些磁带是未加密的，读取了存储在其中的未加密的个人信息。

我所见过的最糟糕的是信用卡、个人识别码和姓名以纯文本形式存储。我差点心脏病发作了。

信不信由你，我最近在一个网站上发现了这个:

eval($_GET['code']);

服务器甚至没有安全模式…