It's important to note in this "Facebook plain-text password" story that the passwords are being stored with salted scrypt hashes; that's not the issue. Instead, the issue is inadvertent logging of web requests -- which happen to contain clear-text passwords.
Meme apart, this is a serious and shockingly overlooked threat. Same for SaaS collecting traces from application crashes, etc.
It strikes me as ironic that we (meaning the #InfoSec community) have pushed a mantra of "You must collect and monitor logs!" and then companies do this and realize, "Oh, wow, our logging sucks in multiple ways!" and we created a new problem on the threat landscape.