Wednesday, September 3, 2008

A disaster waiting to happen...

To follow up on my earlier post, not only have logins been centralised between and other parts of Sun's Internet-facing web pages, but the login names are derived from publicly available data and the passwords ... I'm not sure if I should mention what our passwords are; suffice to say that if someone managed to hack any of the web pages used for logins and captured passwords, then a lot of Sun employees might need to change their passwords. (And that's the rosy side of a successful attack. The dark side is that everyone inside will need to.)

A couple of decades ago, we would have had those concerns for mail software (and perhaps we still should), but whatever problems there are with email now are dwarfed by those with web pages. Maybe in a couple of decades using sensitive passwords on outer web pages will be considered "ok" or "safe" by many, but for now such designs leave me aghast.

