
0x1B

Member
  • Posts

    5

Reputation Activity

  1. Funny
    0x1B got a reaction from PeterT in RCN Corporation stores passwords and security questions in plaintext   
    An RCN Corporation customer posted on Reddit about his exchange with RCN customer support via phone and later on Twitter. Turns out, RCN stores customer passwords and security phrases in plaintext and does not see any issue with this. In the customer's own words:
    Shocked by this conversation, the customer contacted the company's official representative on Twitter @RCNconnects and got the following reply (screenshot on Imgur):
    For those who are not familiar with RCN (like me), RCN Corporation is a large American communications provider (telephone, cable television, and internet) with hundreds of millions in revenue and hundreds of thousands of customers.
     
    My personal thoughts: It's alarming that such a large infrastructure provider does not understand even the basic principles of hashes and how to use them to store passwords. Clearly, this is not for lack of resources or something else; their security team (and support team and management) either completely do not care or are basically illiterate in security.
    Do you personally use their services? If so, what do you plan to do (if anything)?
     
    EDIT: Some people mentioned a past post saying that T-Mobile Austria was storing passwords in plaintext as well. Yes, this is the point of this post: to publicize this information in hopes that public pressure will convince the company (RCN in this case) to fix the issues.
  2. Informative
    0x1B got a reaction from YamiYukiSenpai in Will all partitions be affected when I do something wrong on Linux?   
    Hello,
    I'm an Ubuntu user (currently run 17.10, but will switch to 18.04 once it's released). I'm glad that GNU/Linux is interesting for you, however it might not be a good choice for you. First, I'll present an argument that you don't need it; then I'll tell you how to try GNU/Linux without committing to it; and lastly, I'll explain why dual-booting is probably the worst possible option.
     
    If your main objective is to learn about programming in C, then you don't need Linux. In fact, I'd recommend sticking with Windows 10 simply because you are already familiar with it, and learning your way around a Linux distribution (and console, e.g. bash) would make the learning curve a bit steeper. A programming language (including C) is just a set of pragmas (fundamental "philosophical" principles of what is correct) and syntax ("grammar") -- it is the same for any OS. Actually, there are in fact different revisions of C, like C99 or C11, but they are not tied to OSes, and instead to the compilers (and flags) you use. Thus, if you want to learn just C, learn C in an environment you are familiar with. Unless you are planning to use some advanced functionality of Linux (like writing kernel modules), Windows should suffice (e.g., file I/O and threading are not identical, but similar enough for learning purposes).
     
    If you just want to explore the bare basics, try https://www.hackerrank.com/ or something similar -- there you are presented with small challenges that you can solve right in your browser. (You code in a text box and immediately get graded; your solution is graded on their servers, so to start you just need to register and pick a challenge.) Challenges are primitive, like traverse a doubly-linked list or do something with a tree, but you might like it.
     
    If you are interested in GNU/Linux, then Windows 10 has "Windows Subsystem for Linux" -- basically it is a Microsoft-provided compatibility layer (like a VM) that would let you run terminal applications without leaving the comfort of Windows 10. Another temporary solution is to use a Live USB -- to install GNU/Linux on a USB drive and boot from it! Then you simply change drive boot priority, but do not risk damaging your existing Windows 10 installation. Of course, you can always use a VM as well.
     
    Lastly, here is why you should avoid dual booting from the same physical drive: you can break your file system and lose your data! That should scare you, unless you do regular backups. Also, (you should know already) do a full backup of important files before performing any major operations on the OS.
    When you dual boot, in reality you boot into a "menu" (usually provided by GNU/Linux) where you choose which OS and with which options to boot; that means that when you install dual boot, your original MBR/EFI should be moved, resulting in permanent changes to your system. No Ctrl+Z for this! On the other hand, if you boot from different physical drives, you would simply need to change the boot order; then in GNU/Linux you can mount the Windows 10 drive easily. If something goes wrong (you break GNU/Linux), you can just go back to Windows.
     
    The world runs on GNU/Linux, but does not spin only around it. (Sorry, that's cheesy... I'm almost done). In fact, you probably play video games; guess what: gaming is the weakest spot of Linux. Even Valve could not resolve it with their SteamOS, and that's not for lack of trying. (Linux is not bad for gaming, game developers simply don't care about its minuscule market share.) Unless you are OK with using Wine and managing its different installed versions (and lose some performance), I'd recommend against it.
     
    GNU/Linux is more than an OS -- it is a lifestyle. You can do much more, but you can break much more too.
    For example, today I finally installed a Windows game from mid-2000, which would not work on North-American Windows because of Windows-1251 encoded file paths... so I scanned the binary and tried to replace the paths in the .data segment. Does it work? Yes... Stable? I don't know... Is it worth it? Definitely not, a VM could play it. But this is definitely more fun than the game itself.
  3. Informative
    0x1B got a reaction from Hip in Will all partitions be affected when I do something wrong on Linux?   
  4. Like
    0x1B got a reaction from SEAWOLF121 in Spectre and Meltdown   
    TL;DR Keep your system up to date; Spectre and Meltdown have already been patched in most (if not all) distributions of GNU/Linux, MacOS, Windows, etc.
     
    To understand how to defend yourself against these vulnerabilities, you first need to know what they are. In short, processors (the literal silicon) have a feature called "speculative execution", which can be abused by processes running in unprivileged context to "peek into" nearby memory which belongs to other processes or even the kernel. The fix is simple: since the exploit relies on proximity of the memory "chunks", the OS programmers just need to change the way memory is handled to separate each process's memory and especially OS memory. That is exactly what Microsoft and Linus Torvalds did in the beginning of this year; they already released patches, which have been integrated in most distributions of both systems so far. I assume you are running a modern consumer version of Windows, so my advice is "just install all the updates" following the Microsoft checklist.
     
    The issue arises from the CPU "speculating" and starting to prepare data for the next program's share of the CPU time while the old program is still being executed, so the old program can peek into the next program's memory. The important thing here is that it is read access, not write access, and effectively in order for that to happen, you have to run specifically manufactured code on your machine in the first place. So unless you tend to download a lot of stuff from untrusted sources and run it, you are probably fine even without updating (but you should update anyway). The problem mostly affects cloud server companies, as they have to run whatever clients decide to run and thus must update.
     
    If you would like to know what "speculative execution" is, here is an analogy (clay = data, choice of what to make = conditional jump, burning = mathematical operations, products = products of computation).
    Imagine you produce ceramic bricks, roof tiles and dishes, but the market is changing every day and you don't know what will be popular today (and products made today will go out of fashion tomorrow). To make them, you take clay from a pit in your back yard (free of charge for you), shape the clay into the required product (free of charge for you) and then burn the pre-formed clay in an oven (that has two modes: cool/idle burning 6 pieces of wood an hour and hot/working burning 10 pieces of wood an hour).
    Thus you have two problems:
    - you want to sell as much product as possible, but don't know what will be in demand,
    - you have to spend some wood to run the oven all the time, you can only choose whether to have it idle (wasting little wood) or active (producing products)
    Obviously, the best situation is to predict in advance what will be needed and produce it... but you can only guess and pick one of the three products. Furthermore, if the market price is high enough and you can guess well, it will always be better to burn at full power and produce something and then discard it if your speculation was wrong. Thus you have to "speculate" and "execute" only one "course of action" (aka "branch" in "execution" tree) out of possible three, but it is worth it. Also, you might not even have a choice, as some of the clay currently in the oven needs burning, but the oven is not full, so it might be better to stick in more clay because the oven is already hot.
     
    Turns out, modern processors achieve a prediction rate of up to 98% (crazy, right?) and can thus provide much better performance. That is partially due to the fact that the CPU spends most of its time in loops like
        int data[1000];
        /* valid indices are 0..999, so the loop stops before 1000 */
        for (int i = 0; i < 1000; i++) { data[i] = i; }
    and in most cases you can compute the correct next value of i and place it into the register before the previous one gets written back to the cache.
     
    There actually is even a set of programming techniques to make your code more "predictable" (have simpler patterns in a number of ways) so that processors would run code faster.
     
    There is so much hype around the problem for a few reasons:
    - wide range of affected devices (pretty much everything from most manufacturers produced since 1995 up until models designed after public disclosure)
    - hard to fix: initially it was believed that the only way to fix the issue is to replace the CPU altogether; now newer CPUs are rumored to get a special "no speculative execution" flag for OS to use at critical moments
    - severe performance loss due to different memory management to defend against these vulnerabilities: some applications lose up to 30% of performance. Just think about it: we as a species had lost 30% of our (computational) power seemingly overnight, our development might be slowed down by 30%. Business operational costs might rise significantly, e.g. AWS experienced degraded performance after the updates and Amazon was rumored to need to buy more hardware to compensate for it.
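
An added example, not part of the original post: on Linux, kernels from 4.15 on (and distribution kernels carrying the backport) report their own Spectre/Meltdown status under /sys/devices/system/cpu/vulnerabilities/, which lets you confirm that "keep your system up to date" actually took effect. The function names are hypothetical and the sample status strings in the demo are constructed.

```shell
#!/bin/sh
# Added example: summarize the kernel's own Spectre/Meltdown status report.
# Function names are hypothetical; sample status strings are constructed.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> prints ok | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)               echo ok ;;
        "Vulnerable"*)                 echo vulnerable ;;
        "Mitigation:"*[Vv]ulnerable*)  echo partial ;;   # e.g. "...; SMT vulnerable"
        "Mitigation:"*)                echo ok ;;
        *)                             echo unknown ;;
    esac
}

# check_mitigations [DIR] -> prints "name verdict text" per entry and
# returns 1 if any of the three entries is not "ok".
check_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(cat "$dir/$name")
            verdict=$(classify_status "$text")
        else
            text="(no report)"
            verdict=unreported   # kernel too old to report, or not Linux
        fi
        [ "$verdict" = ok ] || rc=1
        printf '%-11s %-11s %s\n' "$name" "$verdict" "$text"
    done
    return "$rc"
}

# Demo on a constructed sample directory (runs offline).
# Call check_mitigations with no argument to read the live system.
sample=$(mktemp -d)
echo 'Mitigation: PTI' > "$sample/meltdown"
echo 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' > "$sample/spectre_v1"
echo 'Vulnerable' > "$sample/spectre_v2"
check_mitigations "$sample" || echo "action needed: install pending kernel updates"
rm -rf "$sample"
```

A "partial" verdict means the kernel applied a mitigation but still flags part of the exposure as vulnerable in the same status line.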