|Problems? Is your data what you think it is?|
It's been ten years ...by afoken (Canon)
|on Jul 29, 2019 at 17:06 UTC||Need Help??|
Do you remember what happened today, 10 years ago?
So, what happened?
What happened? happened.
Some script-kiddie has demonstrated that storing passwords in plain text was (and still is) a pretty stupid idea. Caught perlmonks with pants down.
Promises were made:
Now guess the current state. Or, just test it: Enter your user name into What's my password?. Click the submit button. Open your mail box.
This is what I received:
From: email@example.com Subject: Password Mail Date: Mon, 29 Jul 2019 12:46:51 -0400 X-Mailer: Perl script "index.pl" using Mail::Sender 0.8.10 by Jenda Krynicky, Czechlands running on perlmonks.com (18.104.22.168) under account "root" Message-ID: <firstname.lastname@example.org> Hey there. You or someone else has requested a password for your username or e-mail address. Before you freak out, take a few deep breaths and remember that it's YOU and not THEM who is getting this password. Here's your info: username: afoken passwd: *** DELETED FROM THE MAIL BODY *** human name: Alexander Foken love, the management http://perlmonks.org/
Perlmonks' pants are still down, ten years later.
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)