computer security and stolen passwords
Jan. 29th, 2009 01:13 amApparently monster.co.uk got hacked (although the bar for what qualifies as 'hacking' has seriously lowered these days) and everybody's passwords on there are considered compromised. So if you have an account on there, and you use that password anywhere else of importance, time to change it.
(At this point I expect some smart-ass to comment about how you should use a different password for every site. I can only imagine you'd have to be autistic or something to remember a different password for each of the sites you could end up on.)
Anyway, they decided not to tell everybody about this, but instead have left a message buried on the right hand side of their front page, assuming everybody will visit their site regularly. Because, obviously, nobody actually GETS A JOB USING THEIR SERVICE and therefore no longer needs to visit the site, do they?
On the letter they've put up about this issue, they boast, "Monster has made, and will continue to make, a significant investment in enhancing data security, and we believe that Monster’s security measures are as, or more, robust than other sites in our industry." So, they think that not a single job-site online has considered storing encrypted or hashed passwords instead of plain-text ones? Imbeciles.
They also say, "no company can completely prevent unauthorized access to data" which is also very misleading, albeit no more misleading than many other statements that the computing industry likes to put out to excuse the failings in process and product that they inflict on the world. I wonder why software developers seem to rush out flawed products and services more often than other industries? When will it change?
(At this point I expect some smart-ass to comment about how you should use a different password for every site. I can only imagine you'd have to be autistic or something to remember a different password for each of the sites you could end up on.)
Anyway, they decided not to tell everybody about this, but instead have left a message buried on the right hand side of their front page, assuming everybody will visit their site regularly. Because, obviously, nobody actually GETS A JOB USING THEIR SERVICE and therefore no longer needs to visit the site, do they?
On the letter they've put up about this issue, they boast, "Monster has made, and will continue to make, a significant investment in enhancing data security, and we believe that Monster’s security measures are as, or more, robust than other sites in our industry." So, they think that not a single job-site online has considered storing encrypted or hashed passwords instead of plain-text ones? Imbeciles.
They also say, "no company can completely prevent unauthorized access to data" which is also very misleading, albeit no more misleading than many other statements that the computing industry likes to put out to excuse the failings in process and product that they inflict on the world. I wonder why software developers seem to rush out flawed products and services more often than other industries? When will it change?