Ken Warner
244 followers
hey, i'm that guy!
Ken's posts

Post has shared content
interesting proposal
Learning in the Digital Age, Bill of Rights: http://blog.udacity.com/2013/01/a-bill-of-rights-and-principles-for.html. We want this to be an evolving document, join the conversation by sharing your thoughts.

Post has shared content
If you have a Pandora account, I highly recommend using a throwaway password for it (assuming you don't do so already).

Why? Because Pandora doesn't even one-way hash their passwords. If your account is logged in on a computer, anyone who sits down at that computer can go and look up your password on Pandora's settings page.

Attached is an image that shows what that settings page looks like upon load - I haven't manually entered anything into the form fields and I don't use Chrome's auto-fill; the text in the fields is populated by Pandora.... including the plaintext of the password.

Things like this are why I wrote a blog post about how to do web app auth correctly:
http://codingkilledthecat.wordpress.com/2012/09/04/some-best-practices-for-web-app-authentication/

Thanks to +Dan Boger for bringing this up.

---

Edit: Also just discovered that their password-reset tokens aren't single use. You can reset the password of an account multiple times with the same reset token link...

Also, since Pandora allows you to just change the password field and hit "Save", if you come across someone's logged-in computer, you can just change their password even if Pandora didn't tell you what it was. (The right way to do this is to require the user to enter their current password along with the new password, and pre-fill none of the fields.)

#security #pandora
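
The three fixes the shared post calls for (one-way hashed storage, single-use reset tokens, and a password change that requires the current password), sketched as an added example that is not part of the original post and not Pandora's code. `AccountStore`, its method names and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 15 * 60  # seconds a reset token stays valid (assumed policy)


def _kdf(password, salt):
    # Salted, slow, one-way derivation: the plaintext is never stored.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


class AccountStore:
    """Hypothetical in-memory account store used only for this example."""

    def __init__(self):
        self._users = {}   # username -> (salt, derived key)
        self._resets = {}  # sha256(token) -> (username, expiry time)

    def set_password(self, user, password):
        # Internal helper: callers must have authenticated the request first.
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _kdf(password, salt))

    def verify(self, user, password):
        salt, key = self._users.get(user, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(key, _kdf(password, salt))

    def change_password(self, user, current, new):
        # A logged-in session is not enough: re-check the current password.
        if not self.verify(user, current):
            return False
        self.set_password(user, new)
        return True

    def issue_reset(self, user, now=None):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._resets[digest] = (user, (now or time.time()) + RESET_TTL)
        return token  # mailed to the user; only its hash is kept server-side

    def redeem_reset(self, token, new, now=None):
        digest = hashlib.sha256(token.encode()).digest()
        entry = self._resets.pop(digest, None)  # pop() makes the token single-use
        if entry is None or (now or time.time()) > entry[1]:
            return False
        self.set_password(entry[0], new)
        return True
```

Because only the salt and derived key are stored, a settings page built on this store has nothing to pre-fill into a password field.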

Post has attachment
#futurestuff

Post has shared content
New 'Prometheus' video: watch robot Michael Fassbender cry
http://vrge.co/HKffRV

Post has attachment
I see my kids for 30 minutes in the morning and between 6-8 pm. I'm more often than not back to work after kids are in bed, so I feel zero guilt for leaving the office by 5:30. Glad to work for a company that feels the same way.
