http://www.perlmonks.org?node_id=784223


in reply to Re^4: It's Time for Everyone to Change Passwords!
in thread It's Time for Everyone to Change Passwords!

so most of those passwords might be working

Oh yeah, absolutely. And even if someone has changed their password between Apr. 15th and now they should still change it again now (and probably again after the gods declare the crisis to be over) just to be sure.

I just mentioned this (i.e. the date of the information not necessarily indicating when the hack occurred) to prevent a false sense of security (as in "Oh well, nothing bad has happened since April so I guess it's ok").


All dogma is stupid.

Re^6: It's Time for Everyone to Change Passwords!
by m0ve (Scribe) on Jul 29, 2009 at 12:49 UTC
    I agree, however I think the hack was done just to prove the site is vulnerable.

    There is a really simple reason we owned PerlMonks: we couldn't resist + more than 50,000 unencrypted programmer passwords. [snip] These Perl guys are alright, just a little dumb apparently. A lot of them reuse.
    else they would have done what they usually do: rm -rf /*

    Update: if they knew it wasn't an active box there may not have been much of a point to rm -rf /*, but I guess they could have still shut PerlMonks down with the obtained data...
      I think the hack was done just to prove the site is vulnerable.

      I agree, however hacking a site that never claimed not to be vulnerable is a bit... pointless.

      From Fausty's comment on wired:
      Yay, how brave and skillful to “hack” something that’s already public, provided for free, and supported by volunteers.

      "programmers passwords?" No, guys, just Monks passwords, for a site which runs http, that obviously stores passwords in plain text ("mail me my password"). Geez...