Spot the problem…..

    • #7849
      S3curityM0nkey
      Participant

      Can anyone see the problem with the tech guys reply?

      https://gist.github.com/3497955

      :-

    • #49427
      jjwinter
      Participant

      **raises hand**

      1) They will snail mail your password to you….

      2) To an ADDRESS YOU CAN CHANGE!!!

    • #49428
      S3curityM0nkey
      Participant

      …..AND…..

    • #49429
      jjwinter
      Participant

      Well, the whole hint giving thing is just weird.

      “Your password rhymes with ‘nassword'”

      and starts with a P and ends with a D.

      ???

      Why even have passwords. Just use the honor system 😉

    • #49430
      S3curityM0nkey
      Participant

      So do you think they store the password in clear text… and the tech support people have access to view your password!

      “A hint to your password is that it begins with s and ends with j”

      Bit of a fail I think!

    • #49431
      jjwinter
      Participant

      Didn’t even think of that. Wow.

      The more I learn about security, the less evidence I see of it being used.

    • #49432
      shadowzero
      Participant

      @SecurityMonkey wrote:

      So do you think they store the password in clear text… and the tech support people have access to view your password!

      “A hint to your password is that it begins with s and ends with j”

      Bit of a fail I think!

      I assumed that was more like a hint the user provides to himself, like “My mother’s maiden name” sort of thing.

    • #49433
      dynamik
      Participant

      @shadowzero wrote:

      @SecurityMonkey wrote:

      So do you think they store the password in clear text… and the tech support people have access to view your password!

      “A hint to your password is that it begins with s and ends with j”

      Bit of a fail I think!

      I assumed that was more like a hint the user provides to himself, like “My mother’s maiden name” sort of thing.

      Hah, that’s where I went too. I can envision the scenario where he forgot he set his own password hint that way and proceeds to get all uppity because he thought they were storing the password in plain text and giving out random hints.

      Bonus points if the only reason he used that password hint was because they wouldn’t let the hint contain the password itself 😀

    • #49434
      Jamie.R
      Participant

      It's a good sign they're using the plaintext protocol or an encryption that can be reversed, but both are really bad.


Copyright ©2020 Caendra, Inc.
