back to article Who's using Mueller Report Day to bury bad news? If you guessed Facebook, you're right: Millions more passwords stored in plaintext

While journalists and netizens are distracted digesting the redacted 400-plus-page Mueller report, released within the past few hours, today will be a good day for spin doctors to bury bad news. And Facebook just couldn't pass up on the opportunity. One hour before the long-awaited dossier by Robert Mueller – special counsel …

  1. sitta_europea Bronze badge

    Just opened my first facebook account.

    Everything I told it was lies.

    1. veti Silver badge

      Don't worry, nobody cares about the stuff you tell it voluntarily.

    2. Pascal Monett Silver badge

      That doesn't matter - Facebook is still making money out of you.

      Stop feeding the monster : close your account and get out of there.

      Facebook is a blight that not only feeds on the feeble-minded that subscribe, it also impacts anything that comes withing clicking distance of it.

      Don't you understand ? It's the plague - revisited for the 3rd millennium.

      Kill it while you still can.

    3. whitepines Silver badge
      Happy

      Everything I told it was lies.

      Congratulations! You accessed a protected computer system in direct and willful violation of the terms of service (which include accuracy of the information used to open your account). That should be good for, oh, 20 years in the clink?

      1. Andre Carneiro

        It’s a joke.

        You’re joking, right?

      2. Anonymous Coward
        Anonymous Coward

        Then same 20 years for you Whitepines!

        Because the terms of service for the Reg are you post comments, not drivel. So you've broken their terms on their computer... right?

      3. whitepines Silver badge
        Facepalm

        Wow, lots of downvotes on something intended to be a slightly humorous reminder of how insane various "hacking" laws are. Guess some people really can't take a joke!

  2. adnim Silver badge

    They make billions

    and cant be bothered to employ competent coders? Is it a failing of HR, or is this the way agile development works?

    I dunno. I get shit from my gaffer because testing and refinement takes much longer than the quickly thrown together PoC I developed in order to say.."yes this can be done"

    1. O RLY

      Re: They make billions

      I’m inclined to think Facebook are the inverse of Hanson’s Razor: I attribute to malice that which can be attributed to incompetence. They DO hire competent coders for the most part.

      1. LDS Silver badge

        "They DO hire competent coders for the most par."

        Competent developer doesn't mean they have also high ethical standards - and many people are still ready to lower ethical standard if the pay is good enough.

        1. simonlb Bronze badge

          Re: "They DO hire competent coders for the most par."

          Yes, but sooner or later having Facebook listed as a former employer on your resume/CV or LinkedIn profile will definitely count against you.

    2. a_yank_lurker Silver badge

      Re: They make billions

      Agile has 2 different but apparently similar definitions. One is the methodology with very specific features such 2 week sprints, design iteration on the fly, etc. The other is more of mindset of the involving all the parties to the project from the start with design meetings including programmers from the start and iterative building until one has a usable or final product. In the first, there are often specific check boxes that must be adhered to. The second is more dynamic and has fewer, if any formal check boxes. Its key concept is the programmers must be involved early one and there must be feedback to the refine the project. Oddly, the second may appear to be more formal as it does mandate specific practices about meetings or timing.

    3. PastyFace

      Re: They make billions

      For all the issues you can rightly raise with Agile, it can't be blamed for poor spec or QA.

      1. Anonymous Coward
        Anonymous Coward

        Re: They make billions

        For all the issues you can rightly raise with Agile, it can't be blamed for Facebook.

        FTFY

      2. Stevie Silver badge

        Re: For all the issues you can rightly raise with Agile,

        For all that speed in releases, there doesn't seem very much one might call "agile" in the provision of feedback from those at the sharp end of this "innovative paradigm" when it has been done wrong (again): The users.

    4. Stork Silver badge

      Re: They make billions

      I first thought PoC was Piece of Crap, but then guessed it could be Proof of Concept

      1. adnim Silver badge

        Re: They make billions

        "I first thought PoC was Piece of Crap, but then guessed it could be Proof of Concept"

        My code is quantum based... It is both at the same time.

      2. Anonymous Coward
        Anonymous Coward

        Re: They make billions

        "I first thought PoC was Piece of Crap, but then guessed it could be Proof of Concept"

        It is bit like 'Schrodinger's Cat' ....... say call it 'Schrodinger's code' ;) :)

        Until you look actually *see* the code it can be either 'Proof of Concept' OR 'Piece of Crap' and the code runs *without* knowing which it is !!!

    5. Anonymous Coward
      Anonymous Coward

      Re: They make billions

      Never underestimate bad project management. I've had previous employers tell me to not fix critical security flaws because they were a secret, and to throw internal demos onto the public WAN even though they had no security hardening.

  3. Chris G Silver badge

    Silly cult

    Sociopathic economiser of truth that he is, Zuckerberg can't produce so much crap without the cult like obedience that he seems to get from his employees.

    The ongoing saga of disaster that is faecebook must surely be confined to the pages of history sooner rather than later, it has single handedly been responsible for dumbing down an entire generation.

    Can't we close them down for crimes against humanity?

  4. Anonymous Coward
    Anonymous Coward

    Prison for the execs

    It's the only way to stop this from happening again and again.

    1. Winkypop Silver badge

      Re: Prison for the execs

      Cold showers

      Cold porridge

      Cold cells

      1. Fruit and Nutcase Silver badge

        Re: Prison for the execs

        You forgot the daily body cavity searches

        1. Chris G Silver badge

          Re: Prison for the execs

          "You forgot the daily body cavity searches"

          That should be conducted by AI controlled robots.

      2. Stevie Silver badge

        Re: Prison for the execs

        For what? I'm pretty sure that buried in the Terms of Use for Twitface and Instachat is the news that credential breach is only a matter of concern and actionable recourse when it is perpetrated by the user.

        1. Oliver Mayes

          Re: Prison for the execs

          Pretty sure their Ts&Cs can't override the law about losing private information.

  5. Doctor Syntax Silver badge

    "Our investigation has determined that these stored passwords were not internally abused or improperly accessed."

    That's unusual. The normal form is to find no evidence of anything wrong.

    Ah! I've read it again. The passwords were not internally abused or improperly accessed. That doesn't rule out external abuse or improper access.

    1. Mark 85 Silver badge

      And that's why PR types get paid the big bucks.

      1. Tree
        Pirate

        PR types so smart they deserve big bucks

        FaceBUTT's Terms of Service are written by illiterate nitwits, precisely so you can't understand their meaning.

        These appear to allow Facebook to exploit your name, likeness, content, images, private information, and personal brand by using it in advertising and in commercial and sponsored content — without any compensation to you. Facebook claims the right to monetize, not just your images, but a sizable portion of your entire online identity. They want to see Facebook became a place where users are disrespected and their experience is a feeling of being victimized and exploited.

        They REALLY repect me and mine.

    2. Anonymous Coward
      Anonymous Coward

      Null statement vs False statement

      "Our investigation has determined that these stored passwords were not internally abused or improperly accessed."

      Judging from its previous statements, nothing Facebook does is abusive or improper.

      Is this therefore a null statement, a false statement, or both?

      1. Stoneshop Silver badge
        Devil

        Re: Null statement vs False statement

        Judging from its previous statements, nothing Facebook does is abusive or improper.

        Unless it negatively impact their bottom line.

    3. doublelayer Silver badge

      Ah, but you see, they were sneaky with their adverbs. You would think that they meant them in the sense of internally abused or internally improperly accessed, but they meant internally accessed but only in a proper way (you probably don't want to know what Facebook considers proper ways to access data) and not abused internally. Should they want some abuse done with the data, they can get an external entity to do it. Adverbs are tricky.

  6. cyclical

    I'm still not sure what circumstances would require one to log passwords. I've coded a pile of authentication systems and even the highest debugging levels only ever logged username and success y/n - logging the password even to a secure database would be a massive no-no. That shit is salted and hashed into an unrecognisable mass by any dev who know their shit, and then it's stored in a heavily monitored cluster/store/whatever where you check exactly who looks at it because it's highly sensitive data. Right? I mean storing elsewhere as plaintext undoes any other security measures you might have (OK, 2fa defeats a lot of that, but few systems enforce 2fa, facebook does some half-assed geolocating stuff so chinese script-kiddies can't brute force you)

  7. redpawn Silver badge

    You can't secure everything

    so give them a break for tossing a coin to decide when security should be implemented. Do you have a better system?

  8. macjules Silver badge
    Facepalm

    Facebook (revised) coding standards?

    Use PHP as a programming language, not a templating language.

    Avoid globals.

    Avoid extract().

    Avoid eval().

    Avoid variable variables.

    Prefer classes over functions.

    Release React candidates as often as you can to confuse Front End developers.

    Store user data in plain text files.

    Lie about everything.

    1. Julz Bronze badge

      Re: Facebook (revised) coding standards?

      It's mostly Hack running on the HipHop Virtual Machine. I think it has a better ambience and gives a greater sense of place if you think of it all being written in Hack.

  9. don't you hate it when you lose your account Bronze badge

    Anything they say

    Every statement simply sounds like brain bleach. Each one wipes out a bit of your mind until your left in a white happy haze where your contentment comes from that next post.

  10. RonWheeler

    Mueller

    This whole thing is just weird Trump Derangement Syndrome. Sad to see The Reg playing along.

  11. Teiwaz Silver badge

    Wait, did they really go back to a Press Release from March and Amend it?

    I hope 'Winston Smith' had a big enough incinerator for that unnews

  12. This post has been deleted by its author

  13. Lorribot

    Ther are two groups in this world that cause me more problems than even users. Project managers and developers.

    They are both focused on delivering solutions on time and on budget but have no focus on the real stuff like ongoing management, real security and remembering that the work around/logging thing the put in to try and fix that problem needs to be removed before go live, and they feed of each other.

  14. Anonymous Coward
    Anonymous Coward

    Dear El Reg,

    Whenever you write about anything in the Facebook empire, can you add the following small paragraph?

    "You will notice that, despite warning about the evil and insecure nature of Facebook/Instagram/whatever, we continue to provide easy to find and obviously branded tracking links from every single page in our site (yes, even on the 404 page) to all of these platforms. So please understand that our stance against them is more on the 'verbiage' scale than on the 'action' scale. We don't quite dare remove the buttons, in the same way that we don't quite dare start a subscription model, even as we moan about ad-blockers. Thank-you for your understanding."

  15. rnturn

    Facebook announcement timing

    I can't recall where I read it but a recent article pointed out that, apparently, Facebook thinks it's advantageous to release the reports of these security lapses just before major holidays---when nobody is looking much at the news. Slimy practice from a slimy company.

  16. Aynon Yuser

    It's probably someone working in their tech department who is taking bribes under the table by "bad actors" in foreign business and government to "accidentally" leave this stuff laying around in the open, they grab the information, and then Facebook says "oh hi Facebook investors...this was a mistake. We'd never put our user's privacy in jeopardy...never ever ever. But here it is if you give us so and so amount of $$$$'s"

    Smug punchable-face Mark Zuckerberg up to his usual routine.

  17. A random security guy

    Facebook has lost its shine

    Even in Silicon Valley. At an unnamed meeting 5 security geeks and one single girl (about the right boy-girl ratio here) were chatting. I asked the girl where she worked and she said Facebook. The look of distaste on everyone’s face was obvious. We all did a disappearing act. That is a very powerful reaction.

    1. Anonymous Coward
      Anonymous Coward

      Re: Facebook has lost its shine

      Lucky you didn't mention forking her repo; your face would've been all over the internet now if you had.

  18. Anonymous Coward
    Anonymous Coward

    Time for a rebrand

    I think a rebrand is in order - Faceplant is much better name for the site.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019