Geekzone: technology news, blogs, forums
6703 posts

Uber Geek
+1 received by user: 613

Trusted
Subscriber

  Reply # 695600 3-Oct-2012 16:03

jbard: I think you should reply to him with the evidence to the contrary, so that it's clear that this isn't the case. He may well be being misled and this kind of thing is likely to stop the site being decent ever unless he gains an understanding he is being fed the wrong information.

756 posts

Ultimate Geek
+1 received by user: 26


  Reply # 695601 3-Oct-2012 16:04

jbard: 
This part is interesting:

"Please rest assured that your password has been, at all times, strongly encrypted and stored in our database." 


It is very clear this wasn't the case at all. I wonder if this is something being spun to him by the Indian developers or if he actually believes this?


Maybe the passwords were stored in their database in an encrypted format, just not hashed?

1568 posts

Uber Geek
+1 received by user: 9

Subscriber

  Reply # 695602 3-Oct-2012 16:05

Please correct me if I'm wrong, but the fact they had the means to send the password out via a 'forgot password' email in plain text clearly suggests that they at least had the means to decrypt said "encrypted" passwords.

This is the complete opposite of secure.

Awesome
3842 posts

Uber Geek
+1 received by user: 364

Trusted
Subscriber

  Reply # 695603 3-Oct-2012 16:06

I just got exactly the same email Mauricio got in response to my offer of services.

Sending out a template that didn't really address my email at all...




Twitter: ajobbins

Awesome
3842 posts

Uber Geek
+1 received by user: 364

Trusted
Subscriber

  Reply # 695607 3-Oct-2012 16:08

dontpanic42: Please correct me if I'm wrong, but the fact they had the means to send the password out via a 'forgot password' email in plain text clearly suggests that they at least had the means to decrypt said "encrypted" passwords.

This is the complete opposite of secure.


Oh the stories I could tell you about other large organisations doing just this whose information is a lot more sensitive than a little kiwi auction site....




Twitter: ajobbins

6703 posts

Uber Geek
+1 received by user: 613

Trusted
Subscriber

  Reply # 695609 3-Oct-2012 16:08

ajobbins:
dontpanic42: Please correct me if I'm wrong, but the fact they had the means to send the password out via a 'forgot password' email in plain text clearly suggests that they at least had the means to decrypt said "encrypted" passwords.

This is the complete opposite of secure.


Oh the stories I could tell you about other large organisations doing just this whose information is a lot more sensitive than a little kiwi auction site....


LOTS and LOTs of sites do this.

Have plan, send $NZD50m
3442 posts

Uber Geek
+1 received by user: 67

Subscriber

  Reply # 695611 3-Oct-2012 16:10

Techday hit my email inbox this morning as well... seems the media are roasting and toasting this one...





Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - [email protected]


1282 posts

Uber Geek
+1 received by user: 8


  Reply # 695612 3-Oct-2012 16:10

MurrayM:
jbard: 
This part is interesting:

"Please rest assured that your password has been, at all times, strongly encrypted and stored in our database." 


It is very clear this wasn't the case at all. I wonder if this is something being spun to him by the Indian developers or if he actually believes this?


Maybe the passwords were stored in their database in an encrypted format, just not hashed?



Yeah they might have been encrypted but this is from safe and secure. Anyone who knows how Google works would have been able to decrypt the passwords if a list had been leaked.

I feel it is pretty misleading to make that sort of statement. For the average consumer they would take his word for it.

2899 posts

Uber Geek
+1 received by user: 882


  Reply # 695617 3-Oct-2012 16:13

DonGould: Techday hit my email inbox this morning as well... seems the media are roasting and toasting this one...



I love Wheedle's self-description in their vacancy ad: "Wheedle Limited is a successful online web service business with its head office located in Christchurch, New Zealand."

Say what now? successful? where?
 




Mike

 Interesting. You're afraid of insects and women. Ladybugs must render you catatonic.

6846 posts

Uber Geek
+1 received by user: 317


  Reply # 695619 3-Oct-2012 16:15

KiwiNZ:
DonGould: Techday hit my email inbox this morning as well... seems the media are roasting and toasting this one...



I love Wheedle's self-description in their vacancy ad: "Wheedle Limited is a successful online web service business with its head office located in Christchurch, New Zealand."

Say what now? successful? where?


I guess it depends on the true definition of successful. But I would think that to be successful that you have to be trading and making money.

6703 posts

Uber Geek
+1 received by user: 613

Trusted
Subscriber

  Reply # 695621 3-Oct-2012 16:15

KiwiNZ:
DonGould: Techday hit my email inbox this morning as well... seems the media are roasting and toasting this one...



I love Wheedle's self-description in their vacancy ad: "Wheedle Limited is a successful online web service business with its head office located in Christchurch, New Zealand."

Say what now? successful? where?
 


Ah C'mon, what do you want them to say? Who wants to work for an unsuccessful company!



2438 posts

Uber Geek
+1 received by user: 218

Trusted
Subscriber

  Reply # 695624 3-Oct-2012 16:16

DonGould: That was my initial thought when we started to see log on errors showing up and MF posted about being able to see other people's details after he'd logged in.

I wish them good luck getting that one sorted out if that's the case.  The JDF that someone posted suggested to me that they weren't asking for people with proven experience in that space.


But the thing is that with any knowledge of how session management works in .NET, this sort of thing would not have happened.  It's quite easy to either a) enable "sticky sessions" on your F5 BigIP LTMs or Citrix Netscalers, or b) enable ASP.NET State Server or SQL Session State support for the .NET application and have all the frontend nodes use the same data store and machine keys for session storage.  It's scalability 101 for .NET application architecture.  Coupled with the fact that they could recover your password - something that could have been improved upon by using ASP.NET membership providers for heck sake! - and it's clear that they did not pick a good team.

I've seen some really bright cookies in India (and 90% of the team I work with now are Indian and do an exceptional job) and I've seen some terrible ones (in my previous job, the Indian outsourcing provider screwed up so badly, they flew their developer to us in NZ to do the job properly!) so it's not necessarily even the outsourcing that's the problem, it's just the fact that... well, the people they chose to do the job didn't know what they were doing.

756 posts

Ultimate Geek
+1 received by user: 26


  Reply # 695625 3-Oct-2012 16:16

jbard:
MurrayM:
jbard: 
This part is interesting:

"Please rest assured that your password has been, at all times, strongly encrypted and stored in our database." 


It is very clear this wasn't the case at all. I wonder if this is something being spun to him by the Indian developers or if he actually believes this?


Maybe the passwords were stored in their database in an encrypted format, just not hashed?



Yeah they might have been encrypted but this is from safe and secure. Anyone who knows how Google works would have been able to decrypt the passwords if a list had been leaked.

I feel it is pretty misleading to make that sort of statement. For the average consumer they would take his word for it.

Yup the average person will hear that the passwords are encrypted and think that that makes them secure!  Whereas we know better...

Awesome
3842 posts

Uber Geek
+1 received by user: 364

Trusted
Subscriber

  Reply # 695628 3-Oct-2012 16:17

networkn:
ajobbins:
dontpanic42: Please correct me if I'm wrong, but the fact they had the means to send the password out via a 'forgot password' email in plain text clearly suggests that they at least had the means to decrypt said "encrypted" passwords.

This is the complete opposite of secure.


Oh the stories I could tell you about other large organisations doing just this whose information is a lot more sensitive than a little kiwi auction site....


LOTS and LOTs of sites do this.


One in particular I know about (Overseas) is a shocker. Also, the market incumbent should be careful about what they say on the topic too ;)




Twitter: ajobbins

1080 posts

Uber Geek
+1 received by user: 52


  Reply # 695631 3-Oct-2012 16:19

KiwiNZ:
DonGould: Techday hit my email inbox this morning as well... seems the media are roasting and toasting this one...



I love Wheedle's self-description in their vacancy ad: "Wheedle Limited is a successful online web service business with its head office located in Christchurch, New Zealand."

Say what now? successful? where?


Yeah I read that too, my first thought was well you are at least succeeding in one thing and that would be "Failure"




Asus Crosshair V Formula AMD FX8320, 8GB Corsair Vengence LP, 2X Sapphire Radeon HD7850 2GB 1000/1300, 1x WesternDigital WD2500AAJS 7200rpm 8MB cache SATAII , 1x Samsung spinpoin F1 HD502IJ 1x storage mode, 2x Samsung Spinpoint F1 HD502IJ RAID0 Boot, 1x Pioneer DVR212s 18x DVDRW, SilverStone ST75F-P (750W) Full Modular PSU, OS WIN7 x64 ultimate SP1 (7601), SilverStone RaVeN RV02B-W (with USB3.0 upgrade)
