From: "Andrew Pantyukhin"
Date: Mon, 28 May 2007 20:52:02 +0400
To: "FreeBSD Chat", "Anton Alekseev"
Subject: javascript-based password verification

I find it hard to believe, but natural selection has apparently not weeded out one of the most brain-dead web authentication methods yet. The winner is... D-Link. Its latest series of cheap VPN routers, ADSL gateways and access points verify passwords with JavaScript. The passwords are stored in clear text. Granted, this only happens when you try to change the current password, but that doesn't mean it's not one of the dumbest security breaches.

I have this gaping hole in my DSL-2640, and I'm sure they won't fix it any time soon...
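
The pattern the message describes, next to a server-side alternative. This is an example added here, not part of the original post and not D-Link's firmware code; every function name, the form markup and the sample password are constructed for illustration.

```javascript
// Added illustration only; all names and values below are hypothetical.
const crypto = require('node:crypto');

// Weak pattern: the change-password page is rendered with the current
// password embedded in it, and the browser performs the comparison.
function renderWeakChangeForm(currentPassword) {
  return `<script>
function check(f) { return f.old.value === ${JSON.stringify(currentPassword)}; }
</script>
<form onsubmit="return check(this)"><input name="old" type="password"></form>`;
}

// Hardened pattern: the page carries no secret; the device stores only a
// random salt and an scrypt hash, and the comparison runs on the server.
function renderSafeChangeForm() {
  return '<form method="post"><input name="old" type="password">' +
         '<input name="new" type="password"></form>';
}

function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

function verifyPassword(stored, candidate) {
  const expected = Buffer.from(stored.hash, 'hex');
  const actual = crypto.scryptSync(candidate, Buffer.from(stored.salt, 'hex'),
                                   expected.length);
  return crypto.timingSafeEqual(expected, actual); // constant-time compare
}

// Server-side handler: the old password is checked against the stored hash,
// and a fresh salt is used for the new one.
function changePassword(stored, oldPassword, newPassword) {
  if (!verifyPassword(stored, oldPassword)) return { ok: false, record: stored };
  return { ok: true, record: hashPassword(newPassword) };
}

// Audit check for a device you own: does a served page or stored record
// contain the known password verbatim?
function leaksSecret(text, secret) {
  return text.includes(secret);
}

const demoSecret = 'Constructed-Passw0rd'; // constructed sample value
console.log('weak page leaks password:',
            leaksSecret(renderWeakChangeForm(demoSecret), demoSecret));
console.log('safe page leaks password:',
            leaksSecret(renderSafeChangeForm(), demoSecret));
```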