
Wed Mar 30, 2016, 10:56 AM

CNBC Tried, and Massively Failed, to Teach People About Password Security

With the court fight between Apple and the FBI as a news peg, CNBC tried to teach people that accounts secured by simple passwords can easily be guessed or brute-forced with a custom-coded tool that analyzed readers’ passwords. But the first capital sin of this article was asking users to type in their own passwords in order to check how secure they were—over a website that doesn’t use HTTPS web encryption, no less.

This was first noticed by Google security engineer Adrienne Porter Felt:



That means that after a user typed in her password, the password was initially sent to a Google spreadsheet, travelling completely insecurely through the internet. Anyone on the way—say, a hacker snooping on the Starbucks’ WiFi connection you were reading the article on—can now steal it.

Did you type your real password? Congratulations, it’s now been shared not just with CNBC and that friendly Starbucks hacker, but also with more than 30 third parties, such as advertisers and analytics providers who pull data from CNBC.com, as noted by independent security and privacy researcher Ashkan Soltani. (Also please stop using one password for everything and start using a password manager. Hackers know that people reuse passwords and will test it against Facebook, Bank of America, and so on.)

http://motherboard.vice.com/read/cnbc-tried-and-massively-failed-to-teach-people-about-password-security

2 replies, 1537 views

Replies to this discussion thread (2 replies)
Author, Time, Post
Xipe Totec, Mar 2016, OP: CNBC Tried, and Massively Failed, to Teach People About Password Security (Original post)
tk2kewl, Mar 2016, #1
Nay, Mar 2016, #2

Response to Xipe Totec (Original post)

Wed Mar 30, 2016, 11:01 AM

1. WTF!?

 

assholes...

Did Bryan Pagliano set up this web site?



Response to Xipe Totec (Original post)

Wed Mar 30, 2016, 01:33 PM

2. Good god. What a fiasco. nt
