Forum > Blogs > Epic Security Fail
Epic Security Fail
Ellyoda
avatar
RANK: 8 (+1717)
Country: US
Comments: 6470
News Posts: 413
Joined: 2008-06-21
 
Mon, 11 Aug 2008 11:33:50
Hide
 
0
 
 

One of the websites I tried to use for a free PHP host was IsMyWebsite.  Well, I'm glad I did, because I got to be witness to one of the most ridiculous security failings ever.

Previously I already had to complain about their passwords being passed from page to page through GET headers, they've outdone themselves.  This morning I and every other IsMyWebsite user was sent an e-mail for forgotten passwords suggesting we choose just one of the accounts registered under our e-mail...which included every username and password for the site.

And in case you're wondering, the change password form doesn't work.

---

Tell me to get back to rewriting this site so it's not horrible on mobile
Foolz
avatar
RANK: 10 (+4111)
Country: UN
Comments: 16244
News Posts: 1043
Joined: 2008-06-21
 
Mon, 11 Aug 2008 11:37:09
Hide
 
0
 
 
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHA!

Wow, that sucks.

gamingeek
avatar
RANK: 1 (+4304)
Country: UN
Comments: 48415
News Posts: 59783
Joined: 2008-06-21
 
Mon, 11 Aug 2008 14:10:51
Hide
 
0
 
 
WUT?

Ellyoda
avatar
RANK: 8 (+1717)
Country: US
Comments: 6470
News Posts: 413
Joined: 2008-06-21
 
Mon, 11 Aug 2008 14:24:19
Hide
 
0
 
 
^A webhosting site sent an e-mail containing every username and password out to its members LOL

---

Tell me to get back to rewriting this site so it's not horrible on mobile
Ravenprose
avatar
RANK: 6 (+4870)
Country: UN
Comments: 17250
News Posts: 2808
Joined: 2008-06-21
 
Mon, 11 Aug 2008 16:41:11
Hide
 
0
 
 
Doh! LOL

The VG Press

Log in or Register for free to comment
Recently Spotted:
*crickets*
Login @ The VG Press
Username:
Password:
Remember me?