by matdes
5105 days ago
I alerted them to the fact that their passwords were in plaintext a YEAR AGO. I got a response email on June 29, 2011 saying: "Thanks for reporting the issue of plain text passwords to us. It's how passwords are handled with the membership software we use for Tuts+ Premium, which isn't extremely well coded and something we want to rebuild from scratch. In the mean-time our dev team will be hacking the software to bring password security up to the best practices we advocate on our Tuts+ sites, like Nettuts+." Not only was this issue brought up to them, they stated very clearly that they were working to bring their password security up to best practices. In a YEAR, they couldn't hack on a password hash or rebuild their plugin from scratch? If anyone knows if there is a lawsuit pending that could use my email as evidence, please let me know.