
SuperProf Private Tutor Site Fails Password Test, Makes Accounts Super Easy To Hack (grahamcluley.com) 40
Superprof, which claims to be "the world's largest tutoring network," has made its newest members' passwords utterly predictable... leaving them wide open to hackers. From a report: SuperProf is a website that helps you find a private tutor -- either online via webcam, or face-to-face. The site claims to have over three million tutors on its books, helping people learn languages, how to play musical instruments, or giving kids extra lessons in tricky subjects. It's not the only site which offers these kind of services. For instance, SuperProf has just taken over UK-based The Tutor Pages, and -- to the surprise of many Tutor Pages teachers -- migrated them to SuperProf. And, sadly, that account migration has been utterly incompetent from the security point of view.
In an email that SuperProf sent Tutor Pages teachers last night, it shared details of how they can login to their new SuperProf account. If a tutor's name is Barbara, her new SuperProf-provided password is "superbarbara". Clarinetist Lisa's new SuperProf-supplied password is "superlisa."
In an email that SuperProf sent Tutor Pages teachers last night, it shared details of how they can login to their new SuperProf account. If a tutor's name is Barbara, her new SuperProf-provided password is "superbarbara". Clarinetist Lisa's new SuperProf-supplied password is "superlisa."