Unhandled Errors
Check out this screen grab of an error message thrown up by my garbage collector’s online bill pay system. This is appalling. If you develop software for a living you’ll know what’s going on here. Essentially the developer didn’t unit test their code, and didn’t handle the exception. Actually they did handle the exception, but in completely the wrong way, throwing a system exception straight back to the end user.
Not only has this developer ruined the user experience, but he’s exposed vital information to a potential villain. For example, from this message I can tell the site is running SQL Server on the back end. I can tell there’s a table named tbl_Payment_Master which is owned by the built-in dbo account. I can tell there’s a primary key on that table, and I’m even told the database name. So I’m all set for a SQL Injection attack. Remember this is a PAYMENT application, most likely with credit card information stored therein.
This is just lazy, like the guy doing the Rubik’s Cube above.
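The handling mistake described above, next to a corrected handler, as an added example that is not code from the bill pay site. Python's sqlite3 stands in for the SQL Server back end, and the function names, column names and logger name are assumptions.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("billpay")  # hypothetical application logger


def open_db():
    # sqlite3 stands in for SQL Server; the column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tbl_Payment_Master (payment_id INTEGER PRIMARY KEY, amount REAL)"
    )
    return db


def save_payment(db, payment_id, amount):
    with db:  # commits on success, rolls back on error
        db.execute("INSERT INTO tbl_Payment_Master VALUES (?, ?)", (payment_id, amount))


def pay_leaky(db, payment_id, amount):
    """The 'before': the driver's exception text becomes the response body."""
    try:
        save_payment(db, payment_id, amount)
        return 200, "Payment received."
    except sqlite3.Error as exc:
        return 500, f"{type(exc).__name__}: {exc}"


def pay_safe(db, payment_id, amount):
    """Detail goes to the server log; the user gets generic text and a reference."""
    try:
        save_payment(db, payment_id, amount)
        return 200, "Payment received."
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:12]
        # log.exception records the driver message and stack trace server-side,
        # keyed by the same reference the user is shown.
        log.exception("payment insert failed ref=%s payment_id=%s", ref, payment_id)
        return 500, f"We could not process your payment. Quote reference {ref} to support."


if __name__ == "__main__":
    db = open_db()
    print(pay_leaky(db, 1, 25.00))  # first insert succeeds
    print(pay_leaky(db, 1, 25.00))  # duplicate key: body names the table and column
    print(pay_safe(db, 1, 25.00))   # duplicate key: generic text plus reference
```

The reference ID lets support find the full exception in the server log without any of it reaching the browser.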









