perlmonks.org site User Information Leak
Lisa Kachold
lisakachold at obnosis.com
Fri Jul 31 11:05:41 MST 2009
It was an encroachment born of failure in input/output sanitation,
which is long and code intensively difficult in perl, especially in
the epoch this site was developed.
It was lack of development testing that assisted; and it was also due
to failure to upgrade OpenSSL, Apache2 and it was failure to require
users to rotate passwords.
Blaming users for insecure passwords is silly and while it might work
for the masses, frankly it's just as bad as the triangulation inherent
in development of the Holy Trinity of Perl [v6] (which should have
been implemented 10 years ago).
On 7/31/09, Stephen <cryptworks at gmail.com> wrote:
> i dont think it was blaming the passwords as much as just making sure
> you changed it after the fact...
>
> On Fri, Jul 31, 2009 at 8:42 AM, Lisa Kachold<lisakachold at obnosis.com>
> wrote:
>> Hmmm?
>>
>> Blaming this on simple passwords is irresponsible!
>>
>> On 7/30/09, Ben <azlobo73 at gmail.com> wrote:
>>> You might want to change your password.
>>>
>>> http://www.perlmonks.org/?node_id=784737
>>> http://perlbuzz.com/2009/07/perlmonks-users-your-passwords-have-been-published.html
>>>
>>> Ben
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>
>>
>> --
>>
>> (623)239-3392
>> (503)754-4452 www.obnosis.com
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
(623)239-3392
(503)754-4452 www.obnosis.com
More information about the PLUG-discuss
mailing list