exim vulnerability fun

Lots of fun over weekend for admins with not-quite-latest exim… I’m getting emails from various services saying their user information databases were compromised, which I assumes related to the rootkits that the vulnerability allows you to install. Which makes me wonder: how many sites are storing passwords unencrypted? If a user database is compromised, and the passwords are encrypted, it would only really affect people with stupid passwords. Anyway, here we go again, changing logins on god-knows-how-many systems…