On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@xxxxxxxxxxxx> wrote:

> On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:
>
> > Unfortunately, the attackers were able to download the full login
> > database for both the appdb and bugzilla. This means that they have all
> > of those emails, as well as the passwords. The passwords are stored
> > encrypted, but with enough effort and depending on the quality of the
> > password, they can be cracked.
> >
> > This, I'm afraid, is a serious threat; it means that anyone who uses the
> > same email / password on other systems is now vulnerable to a malicious
> > attacker using that information to access their account.
>
> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
> none of them were otherwise valuable. (Remember FireSheep?)
>
> Josh

Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart...
Is there no way to replace this with some sort of client-based hashing or something?