Apparently reporting the vulnerability to them 5(!) years ago was not enough :/
http://discuss.joyent.com/viewtopic.php?pid=139497
* Communicate over SSL/TLS (avoids session hijacking scenarios and is a reasonable choice in general)
* Hash AND Salt user passwords (we use PBKDF2)
Take one day and fix this in your own products & you just saved yourself a major PR disaster in the future :)