Re: Thoughts regarding the database compromise....

On 10/16/11 4:41 PM, dimesio wrote:
> jjmckenzie wrote:
>> if your Forum logon, for instance, was cracked, so was your Bugzilla and Applications Database.
> Do you seriously believe that the fact that people had to create separate accounts for the various parts of WineHQ stopped anyone from using the same login and password on all of them?

No. I don't believe this for one moment. One of the tricks of breaking security is to rely on people being lazy. The process of adding a 'single' sign-on was addressed and the ability of compromise was one of the reasons it was rejected. However, there is nothing that prevents a user on the Forums from using the same login information for all four sites, which leaves the accounts in the same situation. I do recommend that different passwords be used for the different sites, but that is up to the individual user to assess, evaluate and to accept the risk. In this case, the database was compromised, and user information should be assumed to be leaked (although Jeremy says it was not, and I have strong faith in his abilities, crackers are very careful to cover their tracks if at all possible.)

Summary: If you have accounts on the four WineHQ sites, use different passwords. I tend to use 256-bit or higher, easy to remember, ones. Pass-phrases are the best as only you know what was changed and why.

James





