Sometimes you just have to wonder how long computer security professionals will have to keep screaming “Don’t store passwords in plain-text” before people take notice. Getting an email like this from MasterCard really freaks me out:

I wonder if they store PINs in plain-text, too. It’s just sad when a credit card company’s policies allow something like this to get pushed in to production.

No Comments