Facebook Lite passwords in plain text
2019-03-21 16:12:59.408345+00 by Dan Lyke
If I could rewrite the computer science curriculum, day 1 would be "don't ever store passwords in plain text, ever, and overwrite any memory in which they were stored as soon as possible".
Yes, I know many languages don't allow you to overwrite specific memory, and maybe we should look at why we write code that handles secure information in those languages...
But seriously: this practice apparently started in 2012, which means that this wasn't like some 1990s Matt's Script Archive boneheaded maneuver; this was a failure of process in a company that's allegedly hiring top people.
Krebs on Security: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
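The day-1 rule above, sketched in Python as an added example (not code from the original post or from any system it mentions): keep only a salt and a derived key, and zero the password buffer as soon as it has been hashed. The function names and the iteration count are assumptions of this example; the password arrives as a `bytearray` because a Python `str` or `bytes` cannot be overwritten in place.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it to current guidance in production.
ITERATIONS = 200_000


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place.

    This clears only the buffer we control; copies the interpreter or
    libraries made internally are out of reach from Python code.
    """
    for i in range(len(buf)):
        buf[i] = 0


def make_record(password: bytearray) -> dict:
    """Return what gets stored: salt, work factor and derived key, never the password."""
    salt = os.urandom(16)
    try:
        key = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    finally:
        wipe(password)  # caller's buffer is zeroed even if hashing raises
    return {"salt": salt, "iterations": ITERATIONS, "key": key}


def verify(record: dict, attempt: bytearray) -> bool:
    """Re-derive the key from a login attempt and compare in constant time."""
    try:
        key = hashlib.pbkdf2_hmac(
            "sha256", attempt, record["salt"], record["iterations"]
        )
    finally:
        wipe(attempt)
    return hmac.compare_digest(key, record["key"])


if __name__ == "__main__":
    pw = bytearray(b"correct horse")  # constructed sample input
    record = make_record(pw)
    print("buffer after hashing:", bytes(pw))
    print("login ok:", verify(record, bytearray(b"correct horse")))
```
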