this post was submitted on 11 May 2026
312 points (98.8% liked)

Technology

84534 readers
3632 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
312
Former IT contractor convicted for wiping 96 US government databases (cyberinsider.com)
submitted 22 hours ago by sanitation@lemmy.radio to c/technology@lemmy.world
28 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] subignition@fedia.io 121 points 21 hours ago (1 children)

Are we gonna gloss over the fact that the EEOC was storing plaintext passwords? Fucking incompetent

[–] orclev@lemmy.world 51 points 21 hours ago (5 children)

Yeah and whoever designed that system needs to be fired. 40 years ago you could maybe call it a reasonable mistake (although it wasn't really acceptable even back then), but these days anyone storing plaintext passwords anywhere is bordering on criminal negligence. Unless you have a damned good reason passwords should be hashed, but at a minimum at least encrypted with something reasonably secure.

[–] Tollana1234567@lemmy.today 1 points 5 hours ago

admin123 is likely the password.

[–] stoly@lemmy.world 6 points 14 hours ago (1 children)

I'd like to say that nobody cared about security even 25 years ago, but in government, they have ALWAYS cared about security.

[–] SeductiveTortoise@piefed.social 4 points 13 hours ago* (last edited 13 hours ago)

25 years ago I was still programming in php and I was salting my passwords before hashing even back then.

[–] SeductiveTortoise@piefed.social 11 points 16 hours ago

Salt it, hash it, put it in a stew.

[–] PlantJam@lemmy.world 30 points 20 hours ago (2 children)

I would argue that there is no such thing as a good reason to store plain text passwords.

[–] SeductiveTortoise@piefed.social 5 points 16 hours ago

They are not saying that you should have a good reason to store plain text, but to have a good reason not to hash, but only to encrypt.

[–] TeddE@lemmy.world 1 points 13 hours ago

I'm comfortable with boot having a either a plaintext key or two key halves to XOR together, used to unlock the base OS. I honestly don't trust a TPM to store this, and as long as the OS is designed to guard the key from all but root, I don't see any security issue.

[–] Soulphite@reddthat.com 2 points 19 hours ago

If it was anyone hired by the current administration to be the security software engineer, I'd imagine it being someone severely under qualified with some kind of reality TV, media background who probably only mentioned "I stayed at a Holiday Inn last night.." when asked if they had any security authentication background. The interviewer probably just got a grand kick out of that response and after an intense belly laugh said, "Fuck it, you're hired!"