Catchy Slogan said:
Jordi said:
Sounds like BioWare needs to start encrypting their damn passwords. Seriously, this is like the first lesson everyone learns when they are even remotely going to have to do something with storing passwords, but apparently most companies just don't bother.
Everybody: if a website allows you to retrieve your actual password when you forgot it (as opposed to resetting it to a new one), they are not storing it safely. I know you always hear advice about not ever using the same password anywhere, but we all know that that isn't really practical. I would however recommend that if you know a site isn't storing your password safely, you don't use the same password there as you use for the important stuff (like your e-mail address that they also have).
Edit: I just checked and the Escapist appears to be doing it right.
How do you check?
Log out, go to the login page and click on the "I forgot my password"-link (or something similar). In the case of the Escapist they literally say something like "We can't send you your password, because we encrypted it and we don't know what it is unencrypted". Most sites I know don't say that, but when instead of sending you your password they reset it, that's a big clue that they are storing it right. Of course, you can never really be sure that they are doing it right. Even when they are encrypting it, you don't know if they are doing it properly (i.e. with salts and peppers and stuff). But when they send you your password in plain text, you know 100% for sure that they are doing it wrong.
LorienvArden said:
Jordi said:
There is no police on the internet, so people can pretty much do whatever the hell they please.
Let me rephrase that:
People don't SEE the police on the internet, so they believe they can pretty much do whatever the hell they please.
There are several different agencies that can and will bust you for criminal activities on the internet, like say - hacking sony.
http://www.bbc.co.uk/news/technology-13727639
That story is not about Sony, but you are right: there is some police on the internet. However, I think their presence is so minimal that my point still stands for the most part. It is true that in some extremely high profile cases (like with Anonymous), the police might eventually try to do something about it. And now they have caught a couple of people that they suspect might be uncareful members of Anonymous.
So there are a couple of things that hackers cannot do without the risk of getting arrested. If they mess with a huge corporation or government, the police might get involved. If they steal information, e.g. credit cards, and use it to steal money, they might be caught.
But I would be extremely surprised if the police is going to go after LulzSec for DDoSing the Escapist. They might go after them because they have now hacked several high profile companies as well, but I still doubt it. But even if they do, there are people getting hacked all the time. When my website gets defaced by some jokester, I can't go to the police. There are entire forums full of these people bragging about their accomplishments, but nothing is done about it.
And if the police is more active than I think they are, maybe they should do it more visibly. They can still do stuff secretly and undercover, but they should also let everybody know that they're there, and that they're watching things. Hopefully that will scare of hackers, and it might encourage people and companies to go to the authorities when they get hacked or DDoSed.
[/footnote]
