ISP hacked
-
Moved my primary mail to the ISP, since I'm feeling tracked on Google. KPN, the largest ISP in the Netherlands, has been hacked as they put it. I just received an email telling me that I should reset my password, simply because those were leaked too. The largest Dutch ISP has not yet learnt how to securely store a password. No, that's not even the reason for posting in the Hall of Shame; right after this mess they claim that they're "encrypting passwords" in UTF-8[^]. Tweet is in Dutch. Translated;
Passwords of KPN are encrypted using UTF8
I'll even be moving my money from the bank tomorrow unless they can prove that they're not saving my password in plain-text format.
Bastard Programmer from Hell :suss:
Might be a badly communicated way of saying that they base64 encode the (now?) encrypted password so it can go into a UTF-8 database field. I agree with you though, given that they've been compromised, they need to be forced to clarify their meaning before they can be trusted... especially because it could be an indication of cluelessness on their part. If they refuse and give some compromising-security excuse, drop them if you can -- those kinds of excuses are nothing more than a way of saying that they believe obscurity is the same thing as security.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
Might be a badly communicated way of saying that they base64 encode the (now?) encrypted password so it can go into a UTF-8 database field. I agree with you though, given that they've been compromised, they need to be forced to clarify their meaning before they can be trusted... especially because it could be an indication of cluelessness on their part. If they refuse and give some compromising-security excuse, drop them if you can -- those kinds of excuses are nothing more than a way of saying that they believe obscurity is the same thing as security.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
It's obvious that all of you have missed the reason for the UTF-8 encryption. Do you realize how hard it is to process the new passwords for mailing if they are encrypted? Do you realize how much effort is involved to get that information? Heavens! Why next, you'll be wanting to secure your on-line financial dealings!!!! /sarcasm :-D
Cegarman document code? If it's not intuitive, you're in the wrong field :D
-
Moved my primary mail to the ISP, since I'm feeling tracked on Google. KPN, the largest ISP in the Netherlands, has been hacked as they put it. I just received an email telling me that I should reset my password, simply because those were leaked too. The largest Dutch ISP has not yet learnt how to securely store a password. No, that's not even the reason for posting in the Hall of Shame; right after this mess they claim that they're "encrypting passwords" in UTF-8[^]. Tweet is in Dutch. Translated;
Passwords of KPN are encrypted using UTF8
I'll even be moving my money from the bank tomorrow unless they can prove that they're not saving my password in plain-text format.
Bastard Programmer from Hell :suss:
-
Moved my primary mail to the ISP, since I'm feeling tracked on Google. KPN, the largest ISP in the Netherlands, has been hacked as they put it. I just received an email telling me that I should reset my password, simply because those were leaked too. The largest Dutch ISP has not yet learnt how to securely store a password. No, that's not even the reason for posting in the Hall of Shame; right after this mess they claim that they're "encrypting passwords" in UTF-8[^]. Tweet is in Dutch. Translated;
Passwords of KPN are encrypted using UTF8
I'll even be moving my money from the bank tomorrow unless they can prove that they're not saving my password in plain-text format.
Bastard Programmer from Hell :suss:
One free interwebs, you just won it! :)
Jeroen De Dauw (blog | Twitter | Identi.ca)
