Security is hard, and there are some very creative and resourceful criminals out there. They’ll use brute force, misdirection, deception, and any other tools they can invent to try to take advantage.
Security on the web is much the same: challenging, multi-layered, and easy to get wrong. For example, a Brazilian bank’s web site was recently hijacked. Completely. In an “Invasion of the Body Snatchers”-like substitution, an identical-looking but nefarious fake site replaced their original.
There are many safeguards that the industry has figured out over the years, but in this case, they broke down.
If you’d like to learn about the technology stack that’s intended to protect organizations from this sort of attack, I’ll be speaking about it at RailsConf this year.
If you can’t make it in person, you can still join us for the livestream at 10:50 am Mountain time on Tuesday, April 25: http://confreaks.tv/live_events/railsconf2017