Clear text passwords
Engle, Perry
pengle at mitre.org
Mon Nov 5 22:04:07 UTC 2012
Hello - It's been happening for a while, but it's really (really) time to end storing clear text passwords in the database. It's *LONG* past time to send them in email to your users.
If you'd like proof, go to
http://plaintextoffenders.com/submit
And
http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/
Of all places, Fedora and Red Hat should be leading this charge.
Thanks for listening,
Perry Engle
Lead Cyber Security Engineer, Section Leader
The MITRE Corporation, Department G026
(o) 781-271-2349 (m) 617-893-0058
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/websites/attachments/20121105/7e3b24fa/attachment.html>
More information about the websites
mailing list