Re^5: Status of Recent User Information Leak
by Anonymous Monk on Aug 01, 2009 at 02:16 UTC
|
I'm not apologizing. The outrage is what is tiring and counter-productive.
I'm sorry you feel a free website owes you bank-level security.
Like a building with a high level of security, but once inside "personal records" are only secured by a padlock.
Did it promise you security from breaking/entering? No.
They're not protecting your money, only one single word, your password.
Ok, 3 words if you put in your real name.
Be outraged at yourselves for
- putting personal information into a random website
- reusing passwords
- confusing a random website with a bank or shopping site
| [reply] |
|
So I am an apologist? Learn something new every day :) Thanks, mother
| [reply] |
|
Hell no. This is a developer resource, by and for developers. The fact that they stored plaintext passwords, which has been a worst practice since the invention of the hashing algorithm, is in one word: Outrageous. This stuff is so basic, so incredibly basic, that there is no excuse. If you can't even bother hashing your passwords, you should be banned from posting code on the internet altogether.
| [reply] |
Re^5: Status of Recent User Information Leak
by Zen (Deacon) on Jul 31, 2009 at 20:23 UTC
|
My outrage was deemed paranoia in the face of a horde of apologists. We need fewer anonymonk posts on this and to say it plainly: the conduct was not acceptable. My thank-yous are hard to find when the persons I am supposed to thank are at fault to begin with. If a bank gave away your personal info and didn't notify you, but said they'd get around to fixing it someday, do you send them an e-card?
| [reply] |
|
If a bank gave away the information they hold on me, I'd face the risk of losing all my property.
If PerlMonks gives away all the information they hold on me, the worst thing that can possibly happen is that someone might pretend to be me on PerlMonks.
I really don't think the two scenarios are comparable.
Yes, storing passwords as plaintext was stupid. But let's get some perspective here. "Outrage" is a strange reaction to the leaking of passwords for a simple discussion forum; would it really affect your life significantly if someone else posted as Zen on PerlMonks? And anyone who was reusing the same password for more serious purposes elsewhere was being just as stupid.
| [reply] |
|
Hard to explain to someone like you who fundamentally agrees with blaming victims. I've done what was asked of me. Please do the right thing.
| [reply] |
|
Storing the password either in plaintext or in hashed form is not really of much consequence, as after supplying login data, the password is sent in plaintext from your user agent to the web server. (I would surely change my tune if/when the login starts taking place over an encrypted connection and passwords would still be stored in plaintext.)
That is the same as sensitive (for some definitions of it) emails being sent from banks or family in plaintext. How does it matter if they are encrypted after receiving?
| [reply] |
|
Well, would you consider sending an e-card if it had some cross-site scripting attacks embedded?!? (^_^) Just kidding of course, but I couldn't resist! (^_^;)
Elda Taluta; Sarks Sark; Ark Arks
| [reply] |
Re: Status of Recent User Information Leak
by jonadab (Parson) on Aug 05, 2009 at 14:31 UTC
|
Actually, I happen to rather like Kool-Aid, especially in this kind of weather. (However, my favorite flavour is kiwi-lime, not grape.)
| [reply] |