Komentarze

Profil ze zdalnego serwera może być niekompletny. Zobacz więcej na oryginalnej instancji.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Image was taken immediately before posting. The issue, apparently, has since shown up again.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

OP would do well to responsibly report it, rather than stirring up drama over a web forum account.

¿Porque no los dos?

Took them 23 years to fix it last time, seems public awareness would be important in the interim, no?

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Well it’s a good thing your opinion has no effect on reality.

Cabrio, (edited ) do games w Larion Studios forum stores your passwords in unhashed plaintext.

You encrypt the datastream from the text input on the client side before storing it in a variable. It’s not rocket science. I did this shit 20 years ago. Letting a plaintext password leave the user client is fucking stupid.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

If self awareness was a disease you’d be the healthiest person alive.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Sure, if you’re illiterate.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Lmao

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

It’s a good thing your opinion makes no difference then isn’t it.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

I haven’t looked into it but I was wondering about the logistics of setting up a federated honeypot for server side stream sniffing to build a plaintext email/password database.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Yes. I agree 100% with the things I can and I defer to your experience where I can’t. I used to write proprietary networking protocols 20 years ago and that’s the knowledge and experience I’m leaning on.

As a matter of practice we would ensure to process passwords by encrypting the datasteam directly from the input, and they were never unencrypted in handling, so as to protect against various system and browser vulnerabilities. It would be a big deal to have them accessible in plaintext beyond the user client, not to mention accessible and processable by email generation methods and insecure email protocols.

Cabrio, (edited ) do games w Larion Studios forum stores your passwords in unhashed plaintext.

Imagining thinking what’s popular is best. Betamax, HD DVD, Firewire, Ogg Vorbis, PNG, Firefox, Linux, Lemmy and friends, would all like a chat.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

Yes, which is why they’re vulnerable to mitm and local sniffer attacks.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

25, I used to write proprietary networking protocols.

Cabrio, do games w Larion Studios forum stores your passwords in unhashed plaintext.

The front end to backend traffic should be encrypted, hashing occurs on the backend. The backend should never have access to a variable with a plaintext password.

I’m going to have to stop replying because I don’t have the time to run every individual through infosec 101.

Cabrio, (edited ) do games w Larion Studios forum stores your passwords in unhashed plaintext.

You have the text input feed directly into the encryption layer without an intermediary variable. The plaintext data should never be passable to an accessible variable which it must be to send the plaintext password in the email because it’s not an asynchronous process.

I’m surprised so many people are getting hung up on basic infosec.

  • Wszystkie
  • Subskrybowane
  • Moderowane
  • Ulubione
  • rowery
  • Psychologia
  • Blogi
  • Gaming
  • muzyka
  • nauka
  • FromSilesiaToPolesia
  • niusy
  • Spoleczenstwo
  • lieratura
  • slask
  • tech
  • giereczkowo
  • sport
  • test1
  • informasi
  • ERP
  • fediversum
  • motoryzacja
  • Technologia
  • esport
  • krakow
  • antywykop
  • Cyfryzacja
  • Pozytywnie
  • zebynieucieklo
  • kino
  • warnersteve
  • Wszystkie magazyny