Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Let's hope they have made an algorithm which can tell if a hash has special chars ;)
-
Root797677yHow to deal with proud/smug idiots ignoring you:
1) inform them of the problem
2) give them some time to get back to you
If they dont:
3) find an exploit(there's probably plenty)
4) copy insecure sensitive info from their db (e.g. user credentials)
5) email them a copy along with "Are you going to listen now?"
6) revel in their panic
7) laugh
8) watch it get patched immediately
9) laugh again.
If they give you shit, inform their boss/CTO.
Cleartext passwords are completely intolerable. -
boss10287yFirst they store passwords in plain text. And then they mail you that they store the passwords in plain text.
Wow.
How much dumber can they go ? -
Probably just a flag raised before the password is hashed to check for special characters? I'd do anything to avoid believing that someone would be stupid enough to store plaintext passwords
-
damiano07yRegex, pattern checking we done that for server side validation, the systems could have been updated that runs through passwords on the dB, all passwords have to be stored somewhere.. Otherwise who's to say that everyone's password is mine when I want to log in
-
Root797677y@damiano hashing algorithms. Passwords aren't stored anywhere, only their salted hashes are.
Apart from brute-forcing the hashes, there is no way to determine what the original passwords are. -
epiz1397y@firefish it's easy to get or guess many student emails so I wouldn't be surprised if it was phishing and a whole bunch of students are getting caught. The only way to know would be to go to the site directly and either find corroborating messaging or contact someone who would know.
Related Rants
-
nanoandrew446!rant *walks into university library* *sits down at a computer 😶* *looks around to see if anyone is look...
-
Fenix14DO YOU FUCKING SERIOUSLY TELL US IN THE SECOND SEMESTER OF OUR MASTERS DEGREE THAT WE SHOULD BE CAREFUL THAT A...
-
castor-rg25!Rant I GRADUATED FROM COLLEGE TODAY WITH MY DEGREE IN COMPUTER SCIENCE! Now to find a job :D
Just received a mail from my college that my college's student account password does not contain any special characters and I should change it immediately. Wtf? How did they know that?
undefined
university
passwords stupid practices