Podshow And Hackers

Posted on 4:42 am by Paul Colligan

When I got my batch of “Podshow Hacked” emails, I was expecting the Podshow naysayers to claim how this was “proof” of whatever.

They didn’t.

When Curry admitted it on his blog, I expected a bunch of annoying comments.

They didn’t show up. There were a few - but not as many as I would have expected.

I’ve had my share of hacker problems. I know a lot of people who have. It sucks, but it’s part of this business. When I got those emails the first thing that went through my mind, honestly, was “some Podshow folk ain’t getting much sleep tonight.”

Is it “sloppy” management? Sometimes. Is it a “high profile” target? Sometimes.

Whatever it is, guys, sorry. I feel your pain.

Podosphere, thank you for not blowing this out of proportion.


3 Comments »

June 6, 2007

Tim Bourquin said:

That’s because nobody cares, Paul.

June 7, 2007

Adam Curry said:

Gee, thanks Tim.

June 7, 2007

Michael Walsh said:

Hi Paul,
Well, it was more than ‘just’ the mailserver being hacked. If the hacker got access to the user table they have a copy of our usernames, email addresses and passwords. I posted my concern on Adam’s blog about podshow possibly storing passwords in plaintext (they email you the password in plaintext; I’m guessing they store(d) it that way too). Sadly my posts didn’t show up on Adam’s blog. There could be a glitch in the blog system or perhaps he removed it. I don’t know the story there.

Anyway, I’m not entirely convinced about their security policy. Anyone can be hacked, but it doesn’t help matters when the DB access isn’t locked down (stored procedures, usernames with specific rights, permissions on views), the DB containing sloppy information, and running off-the-shelf free software without keeping up to date. Last time I poked around they were running an old version of phpmyads, exploit that and get into the system.

I don’t think the comments should be “podshow sucks” but more “podshow needs a complete security audit for podcasters to have continued faith”.

I do hope my comment doesn’t vanish off your blog like it did on curry.com (I do want to believe it’s just a DB storing glitch and not AC deleting comments hitting too close to home).
