PerlMonks  

Re^5: Status of Recent User Information Leak

by Zen (Deacon)
on Jul 31, 2009 at 20:23 UTC ( #784990=note )


in reply to Re^4: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

My outrage was deemed paranoia in the face of a horde of apologists. We need fewer anonymonk posts on this and to say it plainly: the conduct was not acceptable. My thank-yous are hard to find when the persons I am supposed to thank are at fault to begin with. If a bank gave away your personal info and didn't notify you, but said they'd get around to fixing it someday, do you send them an e-card?


Re^6: Status of Recent User Information Leak
by Argel (Prior) on Aug 01, 2009 at 00:55 UTC
    Well, would you consider sending an e-card if it had some cross-site scripting attacks embedded?!? (^_^) Just kidding of course, but I couldn't resist! (^_^;)

    Elda Taluta; Sarks Sark; Ark Arks

Re^6: Status of Recent User Information Leak
by parv (Priest) on Aug 01, 2009 at 14:57 UTC

    Storing the password either in plaintext or in hashed form is not really of much consequence, as after supplying login data, the password is sent in plaintext from your user agent to the web server. (I would surely change my tune if/when the login starts taking place over an encrypted connection and passwords were still stored in plaintext.)

    That is the same as sensitive (for some definitions of it) emails being sent from banks or family in plaintext. How does it matter if they are encrypted after receiving?

Re^6: Status of Recent User Information Leak
by Porculus (Hermit) on Aug 02, 2009 at 09:59 UTC

    If a bank gave away the information they hold on me, I'd face the risk of losing all my property.

    If PerlMonks gives away all the information they hold on me, the worst thing that can possibly happen is that someone might pretend to be me on PerlMonks.

    I really don't think the two scenarios are comparable.

    Yes, storing passwords as plaintext was stupid. But let's get some perspective here. "Outrage" is a strange reaction to the leaking of passwords for a simple discussion forum; would it really affect your life significantly if someone else posted as Zen on PerlMonks? And anyone who was reusing the same password for more serious purposes elsewhere was being just as stupid.

      Hard to explain to someone like you who fundamentally agrees with blaming victims. I've done what was asked of me. Please do the right thing.
