It seems that AOL, which has sent me many a wonderful coaster for cold beverages, doesn’t really care about the security of they user base. As we all know AOL users aren’t known for their computer prowess and don’t need any more help giving away personal information. It’s been reported that AOL is truncating passwords to 8 characters even if a stronger 16 character password is used. This makes a brute force password attack much simpler for attackers. Although probably the easiest way to get AOL passwords is to simply ask the user for it in a crudely crafted email phish. Just because it looks like it comes from [email protected] doesn’t mean you should give them your first-born child if they ask for it.
Source: ITWire
