Beefy Boxes and Bandwidth Generously Provided by pair Networks DiBona
"be consistent"
 
PerlMonks  

Re^4: Status of Recent User Information Leak

by Argel (Prior)
on Aug 02, 2009 at 18:37 UTC ( #785266=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

There seem to be an awful lot of overreactions going on here. Breakins happen from time to time.
It's true that break-ins happen but I think a couple things make this different:
  1. With identity theft such a big deal these days and considering how much more hostile the Internet is (organized crime using botnets, etc.) the reaction is going to be stronger.
  2. Considering how many times people have told new Monks not to use clear text passwords, not to use weak algorithms, etc. I think many assumed this site was practicing what it preached.
  3. There is a difference between being told your account was hacked and finding out your information was published.
  4. And finally there is a huge difference between being told it was hacked and actually seeing your information listed in a hacker ezine!! There is nothing abstract about it after that!

I will close with a quote from this blog entry:

As a Perl developer, and CPAN author, this is a bit concerning. First, it would be one issue if this were just some random group of people whose passwords had been hacked, but this is a database of tens of thousands of developers, probably most with root access to the machines they write code on, and according to the hackers, many using passwords that are being re-used elsewhere. These are the passwords of developers like Chromatic, Brian D Foy, Andy Lester, engineers at major corporations and government entities, and more. The hackers couldn’t have picked a worse server to crack and expose.

I think it's for reasons like these that there has been such a strong reaction.

Update 2009-08-06: Looking at the ezine again I can add two more reasons. The hackers specifically stated that they "couldn't resist so many clear text passwords" (paraphrased) and that "several Monks reuse their respective passwords" (paraphrased). That indicates that non-PerlMonk accounts have been accessed. And as previously mentioned, keep in mind the breach occured over two months before it was discovered.

Elda Taluta; Sarks Sark; Ark Arks


Comment on Re^4: Status of Recent User Information Leak
Re^5: Status of Recent User Information Leak
by Anonymous Monk on Aug 04, 2009 at 08:20 UTC
    I think many assumed this site was practicing what it preached.

    It is alive now? And managed by all 50,000 members? ...

      Amazing! I was all ready to be persuaded by Argel's comments, but then I saw your post and with only two rhetorical questions you managed to convince me to completely disregard Argel's comments.

      NOT! (if that's too old skool you can subs "FAIL" instead, troll)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://785266]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (13)
As of 2014-04-18 19:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (471 votes), past polls