Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Security Blunder Exposes Lion Login Passwords In Clear Text

Posted by samzenpus on Sunday May 6, 2012 @06:10AM from the whoops dept.

An anonymous reader writes "An Apple programmer, apparently by accident, left a debug flag open in the most recent version of its Mac OS X operating system. In specific configurations, applying the OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text."

1 of 205 comments (clear)

Min score:

Reason:

Sort:

Re:Great by TheThinkingGuy · 2012-05-06 07:17 · Score: 1, Troll

I know you're being sarcastic, but yes, they should. There's companies who actually care about user's privacy and make md5 hash of the password on the client side. Google does not. This despite the fact that their services need JavaScript enabled, so saying that user might have JS disabled is no valid excuse. Hashing the password on client side would greatly increase security and show that the company actually cares about its users.