Slashdot Mirror

← Back to Stories (view on slashdot.org)

CNBC Just Collected Your Password and Shared It With Marketers (pcworld.com)

Posted by BeauHD on from the irony-at-its-best dept.

SpacemanukBEJY.53u writes: An article published by CNBC on Tuesday offered tips on how to create a secure password, complete with a form that tested submitted passwords. While well-intended, security experts said it exposed passwords to third-party advertisers. Also, the form created to test a password didn't use SSL/TLS, which meant someone on the same network could have sniffed it. Even worse, the tool claimed to not store the passwords, but an acute observer found they were actually being inputted into a Google Docs spreadsheet. CNBC quickly withdrew the article.

9 of 143 comments (clear)

  1. Idiot Test by Anonymous Coward · · Score: 5, Funny

    Has your credit card number been stolen? Enter it here to find out!

    1. Re:Idiot Test by Thanshin · · Score: 3, Funny

      Has your credit card number been stolen? Enter it here to find out!

      341 9207 4491 1246

      How long does it take to have an answer?

    2. Re:Idiot Test by Mathinker · · Score: 3, Funny

      The variety of spam I get is quite interesting, and probably has to do with how many different times I've done that.

      I'm both an over-80 fundamentalist Christian woman AND a bisexual 30-year old WIccan!

    3. Re:Idiot Test by RavenLrD20k · · Score: 3, Funny

      Dagobah, Sanctosanctorium, and Auschwitz. Why?

  2. Automatic Password Filter by Anonymous Coward · · Score: 5, Funny

    It's good that Slashdot uses an automatic password filter that converts posted passwords into stars.

    For example, my password is ******** but it doesn't show up in the post. Yeah, I know eight characters really isn't long enough but the first character is an uppercase letter and has a number at the end.

    Why don't you all give it a try.

    1. Re:Automatic Password Filter by Coisiche · · Score: 3, Funny

      **********

      Seems legit.

    2. Re:Automatic Password Filter by Anonymous Coward · · Score: 5, Funny

      hunter2

      doesnt look like stars to me

  3. Re:Not a suprise by mwvdlee · · Score: 4, Interesting

    Having recently made a random password generator (http://random.toyls.com/), I ended up concluding nothing that tries to help users with passwords can guarentee they are not spied upon.

    There's either server code that generates code or javascript that generates it client-side (my solution). In the first case, the server knows the codes before sending them to the user, in the second case, there has to be javascript running, which could basically track everything the user does. (either AJAX, cookies or local storage for later retrieval). And than there's the possibility of third party javascript, either included on the page or provided through browser extensions, which are completely out of control. I make some effort to try and block these javascripts access on my site, but there's really nothing that could stop a determined hacker using a browser extension.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  4. "Just" stop with the clickbait by H_Fisher · · Score: 4, Insightful

    Can we please stop with the clickbait headlines? News that's more than one hour old did not "just" happen. Unless you're live-blogging on Twitter, whatever you're posting about is going to sound instantly dated. Moreover, it "just" sounds unprofessional — in terms of journalistic "voice," your news now lacks authority and sounds as if it's being delivered by a teenager.

    I worked in journalism for 12 years, full-time and freelance. The dumbing-down of journalism and the rise of clickbait-style reporting are driving away readers, not attracting them. That's especially true for sites like /. where people do actually, sometimes, expect informative and accurate stories ...