Flutterby™! : Facebook Lite passwords in plain text


Facebook Lite passwords in plain text

2019-03-21 17:12:59.408345+01 by Dan Lyke 0 comments

If I could rewrite the computer science curriculum, day 1 would be "don't ever store passwords in plain text, ever, and overwrite any memory in which they were stored as soon as possible".

Yes, I know many languages don't allow you to overwrite specific memory, and maybe we should look at why we write code that handles secure information in those languages...

But seriously: This practice apparently started in 2012, which means that this wasn't like some 1990s Matt's Script Archive boneheaded maneuver, this was a failure of process in a company that's allegedly hiring top people.

Krebs on Security: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
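An added example (not from the original post or from any code it refers to) of the two rules above: keep only a salted, slow hash, and overwrite the buffer that held the password as soon as it has been used. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place so the secret does not linger."""
    for i in range(len(buf)):
        buf[i] = 0


def make_record(password: bytearray) -> dict:
    """Derive a salted hash for storage, then zero the caller's buffer."""
    salt = os.urandom(16)
    try:
        digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    finally:
        wipe(password)  # runs even if the derivation raises
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: bytearray, record: dict) -> bool:
    """Re-derive from the stored salt, compare in constant time, then wipe."""
    try:
        digest = hashlib.pbkdf2_hmac(
            "sha256", password, bytes.fromhex(record["salt"]), record["iterations"]
        )
    finally:
        wipe(password)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample input. The password is held in a bytearray, not a
    # str: a str is immutable and cannot be overwritten once created.
    pw = bytearray(b"correct horse battery staple")
    rec = make_record(pw)
    print(rec)  # only salt, iteration count and hash are stored
    print(pw)   # the buffer now holds zero bytes
    print(verify(bytearray(b"correct horse battery staple"), rec))
    print(verify(bytearray(b"wrong guess"), rec))
```

The wipe is best effort in Python: the interpreter and the hashing library may hold copies this code cannot reach, which is the language limitation the post points at.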
