pifts.exe

March 10, 2009

I just read about pifts.exe on a fellow Swedish blogger's site.

It does look a little suspicious, but I am not convinced it is a cover up.

All the threads I have seen mentioning pifts.exe at the Norton Forum site, before being deleted, have contained loads of junk.

It might be a social attack against Norton.

Saving passwords

May 20, 2007

I am by no means a security guru, but can all you developers please end your stupid habit of saving passwords in clear text to the database.

It makes me cry when I click ‘forgot password’ on a web site and get a mail with my old password in it.

Make a hash of the user's password combined with a random value, called a salt. Store the salt and the hash in the database, never the password itself. When the user later tries to log in, hash the supplied password together with the stored salt and compare the result to the stored hash; if they match, the password was correct, and the plain-text password never needed to be kept.
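The store-and-verify flow described above, as an added example that is not code from the original post. It goes one step beyond the post by using PBKDF2 (an iterated, deliberately slow hash) in place of a single hash round, and a constant-time comparison; the record format, iteration count and sample password are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed parameters: PBKDF2-HMAC-SHA256 makes each guess expensive, and the
# iteration count is stored in the record so it can be raised later without
# breaking existing rows.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the database record "pbkdf2_sha256$iterations$salt$hash" (hex fields)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare to the stored hash."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never treat it as a match
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison so response timing does not reveal matching prefixes.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: the only thing the database row holds for this user.
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("wrong password", stored))  # False
```

Because the salt is random per user, two users with the same password get different records, so a stolen table cannot be attacked with one precomputed list.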