GCHQ - A plaintext offender

[Biohazard]

I'll plaintext offend ur face!

This will end well.

 

[Firestar_3x]

That's got nothing to do with the security of GCHQ like you originally stated.
It's certainly has to do with the security of personal details to the agents that have applied, or are applying.

Clearly this is way over some of GD's heads.
Please lock if a mod see's and i'll keep to places that can comprehend it

So come on then, what's the potential security threat and implications of your account password being exposed.

 

[Sin_Chase]

Not best practice, but who cares?

Anything worth protecting will be, your recruitment login...not so much.

 

[Biohazard]

Not best practice, but who cares?

Anything worth protecting will be, your recruitment login...not so much.

Could they be used to compile a list of potentially successful applicants?

 

[teaboy5]

I wouldn't blame GCHQ for this. They more then likely use an external company for the jobs section on the website and it's built into their site to make it look the same.

 

[arctine]

That's got nothing to do with the security of GCHQ like you originally stated.

Clearly this is way over some of GD's heads.
Please lock if a mod see's and i'll keep to places that can comprehend it

What?

So when you said 'GCHQ - not so secure?', It had nothing to do with the security of GCHQ?

You're right, that just went straight over my head.

 

[KIA]

Passwords should never sent out as plaintext. BT does something similar.

 

[dfarrall]

Stored in that database are names, family members names, passport numbers, addresses and other personal information on GCHQ Employees and applicants.

Your telling me that information isn't worth being protected?

Well bugger me then what is..

 

[arctine]

Stored in that database are names, family members names, passport numbers, addresses and other personal information on GCHQ Employees and applicants.

Your telling me that information isn't worth being protected?

Well bugger me then what is..

Ok, aside from the fact you illegitmately tried to link this with the overall security of GCHQ and are now backtracking,

Are you under the impression that because it was sent to you in plain text, it must also have been stored on the database in plain text?

 

[Sin_Chase]

Stored in that database are names, family members names, passport numbers, addresses and other personal information on GCHQ Employees and applicants.

Your telling me that information isn't worth being protected?

Well bugger me then what is..

And?

Is that information viewable when logged in or is it on submit only data?

You are making a huge thing about something that is potentially nothing.

 

[dfarrall]

Ok, aside from the fact you illegitmately tried to link this with the overall security of GCHQ and are now backtracking,

Are you under the impression that because it was sent to you in plain text, it must also have been stored on the database in plain text?

It goes hand in hand with the security of GCHQ, not with their operations though.

They're stored in a reversible algorithm at least. This is exactly why you shouldn't trash articles when you clearly have no clue about the principles behind it.

 

[Firestar_3x]

Stored in that database are names, family members names, passport numbers, addresses and other personal information on GCHQ Employees and applicants.

Your telling me that information isn't worth being protected?

Well bugger me then what is..

If this was purely for job application purposes im surprised they ask for this level of detail at an early stage, I know it's not true for other branches of security in the country.

 

[dfarrall]

If this was purely for job application purposes im surprised they ask for this level of detail at an early stage, I know it's not true for other branches of security in the country.

Clearly you didn't read the article before you dived in head first flaming then..

 

[arctine]

It goes hand in hand with the security of GCHQ, not with their operations though.

They're stored in a reversible algorithm at least. This is exactly why you shouldn't trash articles when you clearly have no clue about the principles behind it.

Erm, it wouldn't be much use to anyone if it wasn't reversible would it?

 

[Judgeneo]

Erm, it wouldn't be much use to anyone if it wasn't reversible would it?

??

The best way to store passwords is to store just a salted hash of them. There should be no way to retrieve the actual password.

There is also no need to send a user their password, if they forget it, reset it.

 

[dfarrall]

Erm, it wouldn't be much use to anyone if it wasn't reversible would it?

Bravo! Again trolling on a subject you know nothing about, clearly.

Proper password hashing should be done to the point it's not feasible to reverse them.

Take a look at Bcrypt and Scrypt.

Discussion can be found here; https://news.ycombinator.com/item?id=5442238

 

[arctine]

??

The best way to store passwords is to store just a salted hash of them. There should be no way to retrieve the actual password.

There is also no need to send a user their password, if they forget it, reset it.

Right.

 

[arctine]

Bravo! Again trolling on a subject you know nothing about, clearly.

Proper password hashing should be done to the point it's not feasible to reverse them.

Take a look at Bcrypt and Scrypt.

Discussion can be found here; https://news.ycombinator.com/item?id=5442238

I fail to see how asking a question resembles trolling.

 

[dfarrall]

Because the previous page you were asking what the problem was, in a sarcastic manner, saying how it was over your head, sarcastically.

Now it appears it IS over your head, ironically

 

[kwerk]

As long as there is no financial info involved who cares? Unless you are stupid enough to use the same password for everything.