Stephen_McCloskey's WebLog

Tripping through the managed landscape.

  • Stephen_McCloskey's WebLog

    More on password sniffing

    • 9 Comments
    Here are some articles about password sniffing and real-world systems. Documented accounts of successful password sniff attacks do actually exist. (I’m not trying to pick on the OSS folks when it comes to poor password handling, but the two...
  • Stephen_McCloskey's WebLog

    Apps that email passwords

    • 10 Comments
    Why does the ASP.net administrative site send your plaintext password to you in email whenever you change it? This strikes me as a bad idea. For that matter, why doesn’t the ASP.net site use https on the page that allows you to change your password...
Page 1 of 1 (2 items)