Hacker News

You're assuming IBM programmers don't make stupid mistakes like storing plain text passwords or leaving gaping XSS holes. That's not a safe assumption at all.

I don't think what Reddit did was that bad either. The odds were that they'd fail and no one would have cared that they had plain text passwords. I think startups generally have much better programmers, but their work is so geared towards speed that security comes second. That probably just means the level of security vs IBM is a draw.

BTW, MySpace seems to still store plain text passwords. Try the "forgot my password" feature.



"You're assuming IBM programmers don't make stupid mistakes"

No; my whole point was that, that's right, we don't know who's making more stupid mistakes, one way or the other.

"I think startups generally have much better programmers, but their work is so geared towards speed that security comes second. That probably just means the level of security vs IBM is a draw."

That's exactly why I disagreed with PG, because it's probably a draw.



