Scott Robinson (quadhome) wrote,
Scott Robinson

Embarrassing Security

I like to keep people guessing. I don’t believe in privacy. And, yet, I think it’s embarrassing when I receive e-mails like this:

Sent: Wednesday, January 30, 2008 4:26 PM
To: Scott Robinson
Subject: [CodeProject] Member information Update

Dear Code Project Member

Apologies for the interuption but we’ve found a small problem:

You may have noticed that you have been unable to sign into After our recent upgrade we found a few of our members had
passwords that were getting corrupted by our new encryption system. All
passwords are stored in our database in encrypted form to protect your privacy,
but unfortunately your password was in a form that caused problems when

To fix this we’ve issued you with a new password and ask that you log in and
change your password as soon as possible.

Your details are as follows:

Login email :
Password    : EINMBONG

To log on to The Code Project visit the homepage (
and enter your email address and password in the login area at the top right of
the homepage.

If you have not signed out of CodeProject since signing up you may not have
exerpienced any problems. However, we have still, unfortunately, had to reset
your password and ask that you change it to something different ASAP.

We apologise for the inconvenience and want to reassure you that your private
information has not been compromised in any way. (In fact no one could get to
it, not even you!)

If you’re at all concerned by the legitimacy of this email feel free to contact
me at

Chris Maunder

From: Scott Robinson Sent: Wednesday, January 30, 2008 7:38 PM To: Chris Maunder Subject: RE: [CodeProject] Member information Update Unencrypted? How can a hashed password be unencrypted?
From: Chris Maunder To: Scott Robinson Subject: RE: [CodeProject] Member information Update We enrypt, not hash, since this allows our members to recover their password instead of being forced to choose a new one. Most members we talked to preferred this method.

Or, you know, the hot-spot for predators:

From: Welcome to MySpace
Subject: MySpace Account Confirmation

Hi Scott -- Thanks for joining MySpace!

Here’s your account info for logging in:

Password: abc123

Keep it secret. Keep it safe.
Tags: spewing

  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.