this post was submitted on 11 May 2026
296 points (99.3% liked)

[–] orclev@lemmy.world 49 points 16 hours ago (4 children)

Yeah and whoever designed that system needs to be fired. 40 years ago you could maybe call it a reasonable mistake (although it wasn't really acceptable even back then), but these days anyone storing plaintext passwords anywhere is bordering on criminal negligence. Unless you have a damned good reason, passwords should be hashed, but at a minimum at least encrypted with something reasonably secure.

[–] stoly@lemmy.world 6 points 8 hours ago (1 children)

I'd like to say that nobody cared about security even 25 years ago, but in government, they have ALWAYS cared about security.

[–] SeductiveTortoise@piefed.social 4 points 8 hours ago* (last edited 7 hours ago)

25 years ago I was still programming in PHP and I was salting my passwords before hashing even back then.

[–] SeductiveTortoise@piefed.social 11 points 11 hours ago

Salt it, hash it, put it in a stew.

[–] PlantJam@lemmy.world 29 points 15 hours ago (2 children)

I would argue that there is no such thing as a good reason to store plain text passwords.

[–] SeductiveTortoise@piefed.social 5 points 11 hours ago

They are not saying that you should have a good reason to store plain text, but to have a good reason not to hash, but only to encrypt.

[–] TeddE@lemmy.world 1 points 7 hours ago

I'm comfortable with boot having either a plaintext key or two key halves to XOR together, used to unlock the base OS. I honestly don't trust a TPM to store this, and as long as the OS is designed to guard the key from all but root, I don't see any security issue.

[–] Soulphite@reddthat.com 2 points 14 hours ago

If it was anyone hired by the current administration to be the security software engineer, I'd imagine it being someone severely underqualified with some kind of reality TV, media background who probably only mentioned "I stayed at a Holiday Inn last night.." when asked if they had any security authentication background. The interviewer probably just got a grand kick out of that response and after an intense belly laugh said, "Fuck it, you're hired!"