You should see the look on Tony's (CTO) face when we showed him how insecure their multi-millon-dollar software stack is.
Of course they were working with "penetration" testers and security analysts from one of Forbes's Top 50 -we do anything you want- I.T. firm and they were telling him that how qualified and good their security guys with "respected" certificates from a "respected" security gurus with "respected" references. Months after they gave Tony a detailed security report. And they said "if you fix all bugs on our (232 paged) report then you should be fairly secure". And Tony added "And i'm sure that we have fixed all".
"It is not possible" said the DBA when we showed him "the data" we fetched from multi-millon-dollar database under his administration when he was probably snoring in his bed at 02:34 the night before. Then i asked "why you think that it is not possible?". He said "because we are using 2048 bit encryption and Oracle is the most secure database ever !!!".
"We paid a lot to secure our systems" said the CEO. And he added after a sudden silence "You will not tell about this to anyone before we fix it, right?"
No, we will not. We don't need to. Because we already been there to satisfy our ego when we were in school. Years passed, some of us moved to the dark-side and probably you hear about them on the news when a finance firm or government agency or high-tech company got hacked or some got into jail after a long pursuit.
And some of us should be good guys as a result of dialectics to "balance the force".
Long story short: