

Previously reported Tesco security shortcomings being investigated - btbuilder
http://www.theregister.co.uk/2012/08/21/tesco_ico/

======
radio4fan
What's the betting that the developers brought up the plaintext password
problem at the time and were overruled?

I've lost this argument with PHBs in the past. They want to be able to send
password 'reminders'. Sometimes they want to be able to look up users'
passwords too.

Once they've made the decision to misfeature like this, _nothing_ will change
their mind: that would show weakness or fallibility.

I bet there's a developer somewhere in the UK right now who's glowing with a
warm sense of I-told-you-so.

------
nodata
This is interesting, because it shows up the culture of Tesco as a "cover it
up" rather than "do something about it" organisation.

It didn't use to be. Time to sell your shares.

------
chris_wot
He wasn't "singling out" Tescos. I'd like to know who these unsourced critics
are. Looks to me like another example El Reg inserting a bit of misinformation
in their reporting...

