http://www.perlmonks.org?node_id=11103591

Do you remember what happened today, 10 years ago?

No, not my first posting, that was a little bit earlier, still as Anonymous Monk. (Probably this one.)

Also not my first posting as afoken, also a little bit earlier.

So, what happened?

"What happened?" happened.

Some script-kiddie has demonstrated that storing passwords in plain text was (and still is) a pretty stupid idea. Caught perlmonks with pants down.

Promises were made:

Closing the Hole

PerlMonks admins are working with the Pair.com folks (who manage our hardware and connectivity resources) to evaluate and strengthen security on the servers. No information is available at this time as to the status of this effort.

Strengthening Authentication

The administrators are planning to implement hashed passwords (allowing more than 8 chars).

Now guess the current state. Or, just test it: Enter your user name into "What's my password?". Click the submit button. Open your mail box.

This is what I received:

From: vroom@perlmonks.org
Subject: Password Mail
Date: Mon, 29 Jul 2019 12:46:51 -0400
X-Mailer: Perl script "index.pl"
        using Mail::Sender 0.8.10 by Jenda Krynicky, Czechlands
        running on perlmonks.com (216.92.34.251)
        under account "root"
Message-ID: <20190729_164651_081604.vroom@perlmonks.org>

Hey there.
You or someone else has requested a password for your username or e-mail
address.
Before you freak out, take a few deep breaths and remember that it's YOU
and not THEM who is getting this password.

Here's your info:

username: afoken
passwd: *** DELETED FROM THE MAIL BODY ***
human name: Alexander Foken

love, the management
http://perlmonks.org/

CONGRATULATIONS!

Perlmonks' pants are still down, ten years later.

See also:

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)