linear a writes: I've noticed that quite a few web sites do *not* encrypt user passwords. I've gotten into the habit of hitting the "email me my password" from them to see what happens. So far I've found maybe 6 that must store passwords in clear since they were able to return the original password back to me. Clearly this is Bad Security Practice. Also, I've had notably bad progress when I ask them to fix this practice. Some of these are sites one would clearly expect to have better security (e.g., a software vendor and an online bank).
Do you have thoughts on how to better encourage better password practice at these places? Also, is this is really as common as it seems to be for me?
taoman1 writes: Google Inc. has developed a prototype cell phone that could reach markets within a year, and plans to offer consumers free subscriptions by bundling advertisements with its search engine, e-mail and Web browser software applications, according to a story published Thursday in The Wall Street Journal.
Lucas123 writes: "A new study from UCLA showed that monkeys, like humans, learn faster by being actively involved in the learning process rather than just having information placed before them, according to a story in ScienceDaily. In the study, two rhesus macaque monkeys learned to put up to 18 photos on an ATM-like touch screen in a row. 'The monkeys did much better on the first three days when they had the help than when they didn't, but on the test day, it completely reversed.'" Link to Original Source
fdmendez writes: "An unsuspecting informant accidentally stumbled upon a Blu-ray enabled Wii while visitng Nintendo's R&D facility. Apparently the bathroom wasn't that easy to find.
While searching for the bathroom, the unnamed informant took a wrong turn Willy Wonka style and opened the wrong door. Upon entering the room, he noticed a small group of Nintendo employees (engineers?) watching a movie on what looked like a Nintendo Wii. The informant recounted the details to the Sarcastic Gamer, but made it unclear if the movie playing abilites were a hardware add-on, a software upgrade, or a brand new Wii model. Regardless, he took several mental notes about the situation." Link to Original Source
juct writes: "News from the "they-could-have-known-better-department":
As heise Security reports OpenBSD changed the buggy implementation of the pseudo random number generator before switching from BIND 8 to Bind 9 back in 1997. So OpenBSD was not affected by the recent Cache Poisoning problem in Bind 9. According to Theo deRaadt the OpenBSD team even told ISC that their PRNG was flawed — but "the didn't listen"." Link to Original Source
DrNibbler writes: "Back in June, there was a post from someone to thinking he was infected by spyware since he was getting additional ads from a company called "Fair Eagle" inserted on all the pages he visits. After a little analysis he found this happened from his home but not from his office and mentioned that his ISP is MoonOverAddison and it appeared that they were inserting the advertisements. This is an article describing the issue and some of the effects for content providers." Link to Original Source