Wait, my head exploded when I read this line:
SMF hashes passwords with SHA-1 and salts the hash with your (lowercase) username. This is unfortunately not an incredibly secure way of hashing passwords.
F... fucking... REALLY?! No, no, not what it's saying, but... that you're actually SAYING THIS? It's like, let's see here, some clown sneaks onto a military base and puts on some kind of demonstration in the middle of a road there. Ouch, that's embarrassing. But in the official response, they say...
"Well, we only have one guard stationed at the gate between 4am and 8am, and the rest of the time there are 2 guards except during their lunch break at 12pm and 1pm. And one of them really likes F-16s and is easily distracted by the launches."
WHAT THE FUCK KIND OF SECURITY RESPONSE IS THAT?! What user needs to know those intricate details?
Harm versus Benefit analysis. Assume, for example, that the script kiddie(s) responsible for the hack weren't thinking of stealing any passwords. They just wanted to make some lulz. In the process, they got the passing idea to back up the database. They came, they lul'd, they left, watching the aftermath (server shut down for what, almost 2 days?). Now they come along and see that post, and say "OH WOW! I DIDN'T EVEN THINK TO CHECK THE PASSWORDS, LOL, BUT THIS MORON JUST GAVE US THE KINGDOM FOR FREE!". No Googling necessary... in fact, it PROMOTES the idea of curiously trying this theory on their backup database they stole for the lulz. Sure enough, it reveals some admin password, "penis" (which would TYPICALLY be too short to use, but with this lack of security... who knows!). O LOL WOW, IT WORKS, LETS CRACK ALL THESE PASSWORDS WITH OUR MINING GPUs

Srsly?
What you're saying is stupid on all kinds of levels. Any and all information should be shared in any and all forms of communications. If you try to hide information that others could use to increase security elsewhere, it might not make it to where it needs to be, all because you thought you were helping.