PerlMonks  

Re^2: What happened?

by afoken (Prior)
on Jul 29, 2009 at 09:19 UTC (#784184)


in reply to Re: What happened?
in thread What happened?

What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)


Re^3: What happened?
by jrsimmon (Hermit) on Jul 29, 2009 at 15:25 UTC
    Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
      Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.

      If your password is listed, anyone can use your password to change your posts, or worse: change your password so you can't change it yourself, later.

      If you change it now, your new (temporary) password would still be stored in clear text, on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed to just reading a magazine that has probably been copied over a million times already.

        Users who haven't logged into perlmonks in over a year should have their passwords changed by gods.
