HN - Insecure Password Practices
HN passwords are sent over plain-text HTTP posts during logons and resets. Also, simple passwords such as '1234' are acceptable. As hackers and implementers who should have an interest in security isn't this a bad example to set... especially with all the recent password compromises and the endemic re-use of passwords?
Some wireshark pics here: http://imgur.com/a/69dcm
3 comments
[ 4.8 ms ] story [ 15.6 ms ] thread1) the data being accessed is important. 2) the user reuses credentials.
hopefully no one here is doing #2. and i certainly don't consider #1 to be true for me. if someone were to post as me... we'll that sucks but it isn't the end of the world.