
Re: What happened?

by mzedeler (Pilgrim)
on Jul 29, 2009 at 08:28 UTC (#784157)

in reply to What happened?

I didn't get this message and found that it's because I'm not a user with 3000+ xp. But that just made me even more worried - does the code really store passwords in different places and with different encoding schemes depending on the user status?

Also, what steps are the janitors taking to restore in order to ensure that the hackers don't have access any longer?

Replies are listed 'Best First'.
Re^2: What happened?
by afoken (Canon) on Jul 29, 2009 at 09:19 UTC

    What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
        Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.

        If your password is listed, anyone can use your password to change your posts, or worse: change your password so you can't change it yourself, later.

        If you change it now, your new (temporary) password would still be stored in clear text, on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed to just reading a magazine that has probably been copied over a million times already.

Re^2: What happened?
by Anonymous Monk on Jul 29, 2009 at 08:34 UTC
    does the code really store passwords in different places and with different encoding schemes depending on the user status?

    No, only 3000+ xp were selected for exposure
