Do you remember what happened today, 10 years ago?
So, what happened?
What happened? happened.
Some script-kiddie has demonstrated that storing passwords in plain text was (and still is) a pretty stupid idea. Caught perlmonks with pants down.
Promises were made:
Closing the Hole
PerlMonks admins are working with the Pair.com folks (who manage our hardware and connectivity resources) to evaluate and strengthen security on the servers. No information is available at this time as to the status of this effort.
The administrators are planning to implement hashed passwords (allowing more than 8 chars).
Now guess the current state. Or, just test it: Enter your user name into What's my password?. Click the submit button. Open your mail box.
This is what I received:
From: email@example.com
Subject: Password Mail
Date: Mon, 29 Jul 2019 12:46:51 -0400
X-Mailer: Perl script "index.pl" using Mail::Sender 0.8.10 by Jenda Krynicky, Czechlands running on perlmonks.com (220.127.116.11) under account "root"
Message-ID: <firstname.lastname@example.org>

Hey there. You or someone else has requested a password for your username or e-mail address. Before you freak out, take a few deep breaths and remember that it's YOU and not THEM who is getting this password.

Here's your info:
username: afoken
passwd: *** DELETED FROM THE MAIL BODY ***
human name: Alexander Foken

love, the management
http://perlmonks.org/
Perlmonks' pants are still down, ten years later.
- Status of Recent User Information Leak
- It's Time for Everyone to Change Passwords!
- Anger Management
- Tidings (nothing to see here)
- Tidings through 2014-11-10 (longer plain text passwords)
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
Re: It's been ten years ...
by haj (Deacon) on Jul 29, 2019 at 19:24 UTC