[ubuntu-us-mi] Linux.com

Matt Michielsen matt at michielsen.us
Thu May 14 17:24:16 BST 2009

You're absolutely right.  I definitely have my doubts about their care
for/knowledge of basic security practices after sending out passwords
through email.  However, it looks like they're using Joomla, which uses MD5
password encryption by default.  I guess I shouldn't be so cynical.

On Thu, May 14, 2009 at 10:56 AM, Scott Moser <smoser at brickies.net> wrote:

> On Thu, 14 May 2009, Matt Michielsen wrote:
> > Looks like they're still storing in plain-text.  Here's their fix:
> >
> > Password: [not sent for your security]
> Unless you've looked at their source, you don't actually know that
> they're storing it in plaintext.  You only know that they sent you an
> email with a string that you provided them with.
> They could just send you the plaintext value, and store the hashed, then
> once email is sent they'd never see that plaintext again.
> In that case, the above would be a "real" fix.
> --
> ubuntu-us-mi mailing list
> ubuntu-us-mi at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-mi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-us-mi/attachments/20090514/a84075c9/attachment.htm 

More information about the ubuntu-us-mi mailing list