Epic Security Fail
^A webhosting site sent an e-mail containing every username and password out to its members
---
Tell me to get back to rewriting this site so it's not horrible on mobile
Log in or Register for free to comment
Recently Spotted:
robio (3m)
One of the websites I tried to use for a free PHP host was IsMyWebsite. Well, I'm glad I did, because I got to be witness to one of the most ridiculous security failings ever.
Previously I already had to complain about their passwords being passed from page to page through GET headers, they've outdone themselves. This morning I and every other IsMyWebsite user was sent an e-mail for forgotten passwords suggesting we choose just one of the accounts registered under our e-mail...which included every username and password for the site.
And in case you're wondering, the change password form doesn't work.
---
Tell me to get back to rewriting this site so it's not horrible on mobile