Clearly, this was a disaster waiting to happen. Not that it would ever happen, but if websites were required to disclose how sensitive information was stored, I'd guess this sort of intrusion would be far less common, since no one would use a site that left passwords unencrypted/salted/hashed. Tuts+ is a HUGE service... 660 on Alexa today. I am beyond frustrated.
7 comments
[ 72.0 ms ] story [ 155 ms ] threadI don't care if they had a plan to move away from it. That's not good enough.
Seriously how fucking hard is it to do things properly?
Makes a big case for OAuth in my mind.
Plenty of developers have no fuckin clue about basic security, so why would users of a tutorial site?