
Re^2: What happened?

by afoken (Canon)
on Jul 29, 2009 at 09:19 UTC ( #784184=note )

in reply to Re: What happened?
in thread What happened?

What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.


Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Replies are listed 'Best First'.
Re^3: What happened?
by jrsimmon (Hermit) on Jul 29, 2009 at 15:25 UTC
    Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
      Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.

      If your password is listed, anyone can use your password to change your posts, or worse: change your password so you can't change it yourself, later.

      If you change it now, your new (temporary) password would still be stored in clear text, on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed to just reading a magazine that has probably been copied over a million times already.

        Users who haven't logged into perlmonks in over a year should have their passwords changed by gods.
