PerlMonks  

Re^4: Status of Recent User Information Leak

by Argel (Prior)
on Jul 31, 2009 at 19:53 UTC (#784980)


in reply to Re^3: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

Kind of like how the hackers bothered to look into it?? This apologist attitude is tiring and counter-productive. Thank the people for the great volunteer work they have done and are still doing, but please don't apologize for the glaring oversights that also occurred. I mean, what are we, some large corporation concerned more about covering things up and figuring out how best to spin this?? I'm not sure what the beverage of choice is for Perl programmers, but I'm pretty sure it's not Kool-Aid!!

Elda Taluta; Sarks Sark; Ark Arks


Re^5: Status of Recent User Information Leak
by Zen (Deacon) on Jul 31, 2009 at 20:23 UTC
    My outrage was deemed paranoia in the face of a horde of apologists. We need less anonymonk posts on this and say it plainly: the conduct was not acceptable. My thank you's are hard to find when the persons I am supposed to thank are at fault to begin with. If a bank gave away your personal info and didn't notify you, but said they'd get around to fixing it someday, do you send them an e-card?
      Well, would you consider sending an e-card if it had some cross-site scripting attacks embedded?!? (^_^) Just kidding of course, but I couldn't resist! (^_^;)

      Elda Taluta; Sarks Sark; Ark Arks

      Storing the password in either plaintext or a hashed version is not really of much consequence, as after supplying login data, the password is sent in plaintext from your user agent to the web server. (I would surely change my tune if/when the login starts taking place over an encrypted connection and passwords would still be stored in plaintext.)

      That is the same as sensitive (for some definitions of it) emails being sent from banks or family in plaintext. How does it matter if they are encrypted after receiving?

      If a bank gave away the information they hold on me, I'd face the risk of losing all my property.

      If PerlMonks gives away all the information they hold on me, the worst thing that can possibly happen is that someone might pretend to be me on PerlMonks.

      I really don't think the two scenarios are comparable.

      Yes, storing passwords as plaintext was stupid. But let's get some perspective here. "Outrage" is a strange reaction to the leaking of passwords for a simple discussion forum; would it really affect your life significantly if someone else posted as Zen on PerlMonks? And anyone who was reusing the same password for more serious purposes elsewhere was being just as stupid.

        Hard to explain to someone like you who fundamentally agrees with blaming victims. I've done what was asked of me. Please do the right thing.
Re^5: Status of Recent User Information Leak
by Anonymous Monk on Aug 01, 2009 at 02:16 UTC
    I'm not apologizing. The outrage is what is tiring and counter-productive. I'm sorry you feel a free website owes you bank level security. Like a building with a high level of security, but once inside "personal records" are only secured by padlock. Did it promise you security from breaking/entering? No. They're not protecting your money, only one single word, your password. Ok, 3 words if you put in your real name. Be outraged at yourselves for
    • putting personal information into a random website
    • reusing passwords
    • confusing a random website with a bank or shopping site

      I mostly agree; I'm just pointing out that apologists do not apologize.

        So I am an apologist? Learn something new every day :) Thanks, mother
      Hell no. This is a developer resource, by and for developers. The fact that they stored plaintext passwords, which has been a worst practice since the invention of the hashing algorithm, is in one word: Outrageous. This stuff is so basic, so incredibly basic, that there is no excuse. If you can't even bother hashing your passwords, you should be banned from posting code on the internet altogether.
Re: Status of Recent User Information Leak
by jonadab (Parson) on Aug 05, 2009 at 14:31 UTC
