On 31/01/06, Tomasz Wegrzanowski taw@users.sourceforge.net wrote:
A lot of people have just lost their account because of this, and it wasn't even announced that it was coming. This part of the problem could be reduced if the change was announced in advance.
It strikes me that announcing in advance "Hey, guys, a number of accounts INCLUDING n SYSOPS have blank passwords and can easily be taken over..", then not fixing it for a while, is a recipe for disaster. It's not that hard to generate a list of users with admin privileges, and presumably neither is it impossible to write a short script to try 800 logins...
-- - Andrew Gray andrew.gray@dunelm.org.uk