Slashdot Mirror


Wine HQ Password Database Compromised

With his first accepted submission, tyler.russell writes with a report that the WineHQ database systems were compromised. Quoting the official announcement: "We are sorry to report that recently our login database for the Wine HQ Application Database was compromised. We know that the entire contents of the login database were stolen by hackers. The password was encrypted, but with enough effort and depending on the quality of your old password, it could be cracked. We have closed the hole in our system that allowed read access to our database tables. To prevent further damage we have reset your password to what is shown below. We strongly suggest that if you shared your AppDB password on any other sites that you change that password as soon as possible." He adds: "A new username and password were included with this email."
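The announcement's "encrypted, but with enough effort and depending on the quality of your old password, it could be cracked" describes an offline attack on a stolen credential table. The script below is an added example, not WineHQ's code or anything from the post: it runs one small wordlist against a constructed leak under two storage schemes. The AppDB's real hash format is not stated on the page, so both schemes (unsalted MD5, and salted PBKDF2-HMAC-SHA256) are assumptions, and the accounts, passwords and wordlist are made up.

```python
"""
Offline cracking of a leaked login table (added example, constructed data).

Shows why the outcome depends on password quality: the same wordlist
recovers every weak password under both schemes, and the stronger scheme
only raises the cost per guess rather than preventing the attack.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the top of a real cracking wordlist.
WORDLIST = ["123456", "password", "qwerty", "letmein", "wine",
            "winehq2011", "dragon", "football", "monkey", "abc123"]

# Constructed accounts: three passwords present in the wordlist, one
# long passphrase that is not.
ACCOUNTS = {
    "alice": "password",
    "bob": "winehq2011",
    "carol": "letmein",
    "dave": "nine pale foxes rehearse tuesday",
}

# Kept low so the demo runs quickly; production settings are far higher.
PBKDF2_ITERS = 20_000


def fast_hash(password: str) -> str:
    """Scheme A (assumption): unsalted MD5, common in 2011-era web apps."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    """Scheme B (assumption): per-user salt + PBKDF2-HMAC-SHA256, stored as salt$digest."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return f"{salt.hex()}${digest.hex()}"


def verify_slow(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ITERS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_leak(scheme: str) -> dict:
    """What the attacker walks away with: username -> stored credential."""
    if scheme == "fast":
        return {u: fast_hash(p) for u, p in ACCOUNTS.items()}
    return {u: slow_hash(p, os.urandom(16)) for u, p in ACCOUNTS.items()}


def crack_fast(leak: dict, wordlist: list) -> dict:
    """Unsalted: hash each word once, then match every user against the table."""
    lookup = {fast_hash(w): w for w in wordlist}
    return {u: lookup[h] for u, h in leak.items() if h in lookup}


def crack_slow(leak: dict, wordlist: list) -> dict:
    """Salted and iterated: every (user, word) pair costs a full KDF run."""
    found = {}
    for user, stored in leak.items():
        for word in wordlist:
            if verify_slow(word, stored):
                found[user] = word
                break
    return found


def attack_cost(n_users: int, n_words: int) -> tuple:
    """Primitive hash operations for one full wordlist pass under each scheme."""
    return n_words, n_users * n_words * PBKDF2_ITERS


if __name__ == "__main__":
    for scheme, cracker in (("fast", crack_fast), ("slow", crack_slow)):
        print(scheme, "cracked:", cracker(build_leak(scheme), WORDLIST))
    print("ops per wordlist pass (fast, slow):",
          attack_cost(len(ACCOUNTS), len(WORDLIST)))
```

Under either scheme alice, bob and carol fall to a ten-word list and dave does not; the salted, iterated scheme multiplies the attacker's work by the user count and the iteration count, which buys time for the password reset the announcement describes but does nothing for a password that is already in the list.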

4 of 124 comments

  1. Re:Oh that's secure by Anonymous Coward · Score: 2, Insightful

    Do you have another, better solution?

  2. Re:Ah Hell by black3d · Score: 1, Insightful

    Right, and I often hear them say that, except the problem is that no part of the definition of steal ever involves deprivation. Usually stealing leads to deprivation, but it's not required. Since the early 1900s, the definition of steal has included obtaining without permission, no deprivation involved whatsoever, especially in legal dictionaries which are what matters in this context.

    Similarly, if you take control of a bus, but continue to drive all passengers to their destination and allow them to alight, you're still guilty of kidnapping (actually, the definition of this varies between States, however in my country there is one legal definition, and it includes conveyance without legal permission.)

    I know the pirates want to hold onto a single, antiquated definition of the word to try and force their views, but language changes - geeks are usually at the forefront of this adoption, and it's sad to see people so eager to give up societal advancement for personal gain. For all our pretence of social and moral superiority over our forebears, folks are as self-indulgent as ever - this hypocritical stance against the modern definition of "steal" is a great example.

    --
    "The true measure of a person is how they act when they know they won't get caught." - DSRilk
  3. Re:How secure... by Carnildo · Score: 3, Insightful

    How secure...is sending out passwords via mass email in plain text?

    Sending passwords in clear-text emails is only a minor security risk: in general, only network providers, system administrators, and three-letter agencies are in a position where they can intercept or read a user's email. If the people who attacked the WineHQ database don't fall into one of those categories, resetting passwords and sending the new ones in clear-text emails represents a dramatic reduction in the impact of the database compromise. If the attackers *do* fall into one of those categories, sending the emails does not increase the impact.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  4. Re:At least they found out about it... by c++0xFF · Score: 1, Insightful

    Good, unique passwords are fine until you have more than a handful of accounts. Even using a base password with something unique per site will only get you so far.

    Password managers are the next step, but they have to be available wherever you happen to be. That either means a smartphone (but typing in the password from my phone defeats the purpose and is a pain with truly strong passwords, a lost/stolen phone becomes a nightmare, and I don't have a smartphone anyway) or a website I can log into and copy/paste from (which then puts all my eggs in one basket, and brings up a whole mess of other issues, especially with public terminals), or a USB drive (which hopefully isn't locked out on the system you need to use, and has the potential for spreading viruses to every computer it touches).

    Oh, and then there's password resets ... which effectively turn your password into your mother's maiden name. Stored in the clear, of course.

    I agree. Passwords are a mess. The problem is, I have no clue how to replace them. Do you?

    And remember, the biggest problem isn't the major sites you visit every day ... it's the 100 small sites you visit less often (such as Wine HQ). Having a SecurID token for each site won't work, for example.