
Re: What happened?

by mzedeler (Pilgrim)
on Jul 29, 2009 at 08:28 UTC


in reply to What happened?

I didn't get this message and found that it's because I'm not a user with 3000+ xp. But that just made me even more worried - does the code really store passwords in different places and with different encoding schemes depending on the user status?

Also, what steps are the janitors taking to restore perlmonks.org in order to ensure that the hackers don't have access any longer?


Re^2: What happened?
by Anonymous Monk on Jul 29, 2009 at 08:34 UTC
    does the code really store passwords in different places and with different encoding schemes depending on the user status?

    No, only 3000+ xp were selected for exposure

Re^2: What happened?
by afoken (Parson) on Jul 29, 2009 at 09:19 UTC

    What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
        Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.

        If your password is listed, anyone can use your password to change your posts, or worse: change your password so you can't change it yourself, later.

        If you change it now, your new (temporary) password would still be stored in clear text, on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed to just reading a magazine that has probably been copied over a million times already.
