Gawker makes a hash of non-ASCII characters in passwords
Gawker is phasing out the use of email-address-and-password login in favour of more modern OAuth authentication and the use of anonymous one-off accounts. Tom Plunkett, CTO at Gawker Media, briefly explained the plans in responding to the discovery of another password-related security snafu involving the media news and gossip …
Shorter Gawker:
"We're completely incompetent at security, so we're outsourcing the problem to a third party too new to have ruined its reputation yet."
You are the weakest link, hello.
Just goes to show that no matter how security-smart you are when selecting a password or configuring your router for WPA2, all it takes is one ignorant and lazy programmer who's decided to ignore UTF-8 in the global marketplace because it complicates his simple understanding of coding for a 7-bit world, and you're about as secure as an English air-to-the-throne being escorted by police outriders and royal guards through a student protest to an annual variety performance.
Poke these programmers with a wooden stick!
CTO is a lucky fellow
Quite interesting that this plunker is still employed there considering how thin-skinned Denton is.
Speaking of "failing to handle non-ASCII characters in passwords"
over Christmas my all-non-ascii elReg password stopped working. Necessitating a return to a boring old ascii letters and numbers jobby. There were all sorts of other site errors too. Just had to drink beer without watching the world go by. sniff.
Already started
I forgot my new Gawker password yesterday, and was prompted to use a burner to get back in.
