
Re^2: What happened?

by afoken (Prior)
on Jul 29, 2009 at 09:19 UTC

in reply to Re: What happened?
in thread What happened?

What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.


Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Re^3: What happened?
by jrsimmon (Hermit) on Jul 29, 2009 at 15:25 UTC
    Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
      Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.

      If your password is listed, anyone can use your password to change your posts, or worse: change your password so you can't change it yourself, later.

      If you change it now, your new (temporary) password would still be stored in clear text, on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed to just reading a magazine that has probably been copied over a million times already.

        Users who haven't logged into perlmonks in over a year should have their passwords changed by gods.
