
Xipe Totec

(43,890 posts)
Wed Mar 30, 2016, 10:56 AM

CNBC Tried, and Massively Failed, to Teach People About Password Security

With the court fight between Apple and the FBI as a news peg, CNBC tried to teach people that accounts secured by simple passwords can easily be guessed or brute-forced with a custom-coded tool that analyzed readers’ passwords. But the first capital sin of this article was asking users to type in their own passwords in order to check how secure they were—over a website that doesn’t use HTTPS web encryption, no less.

This was first noticed by Google security engineer Adrienne Porter Felt:



That means that after a user typed in her password, the password was initially sent to a Google spreadsheet, travelling completely insecurely through the internet. Anyone on the way—say, a hacker snooping on the Starbucks’ WiFi connection you were reading the article on—can now steal it.

Did you type your real password? Congratulations, it’s now been shared not just with CNBC and that friendly Starbucks hacker, but also with more than 30 third parties, such as advertisers and analytics providers who pull data from CNBC.com, as noted by independent security and privacy researcher Ashkan Soltani. (Also please stop using one password for everything and start using a password manager. Hackers know that people reuse passwords and will test it against Facebook, Bank of America, and so on.)

http://motherboard.vice.com/read/cnbc-tried-and-massively-failed-to-teach-people-about-password-security

CNBC Tried, and Massively Failed, to Teach People About Password Security (Original Post) Xipe Totec Mar 2016 OP
WTF!? tk2kewl Mar 2016 #1
Good god. What a fiasco. nt Nay Mar 2016 #2