Wine HQ Password Database Compromised
With his first accepted submission, tyler.russell writes with a report that the WineHQ database systems were compromised. Quoting the official announcement: "We are sorry to report that recently our login database for the Wine HQ Application Database was compromised. We know that the entire contents of the login database was stolen by hackers. The password was encrypted, but with enough effort and depending on the quality of your old password, it could be cracked. We have closed the hole in our system that allowed read access to our database tables. To prevent further damage we have reset your password to what is shown below. We strongly suggest that if you shared your AppDB password on any other sites that you change that password as soon as possible." He adds: "A new username and password were included with this email."
So their solution to a security breach is to send out everyone's logins via clear text?
entire contents of the login database was stolen by hackers
Dammit. They didn't steal it. They made a copy. Okay?!
If you accept that the internet will spit out your details at some point, do this:
1. Sign up to Dropbox (it's free and works on all platforms - including mobiles)
2. Get a copy of KeePassX, Mac/Windows version might have different name, never used them.
3. Store database of KeePassX on Dropbox so you've always got access to it.
4. Each website gets own generated password, short passwords for things you might need to type in on phone but still random.
This way, 1 bad event like this keeps you safe. I have both on my Android as well so it's with me always. /Maq
"but with enough effort and depending on the quality of your old password, it could be cracked."
So just wait for the torrent to come out and check the list then.
but having security problems adds another layer of compatibility with Windows.
Sending passwords in clear-text emails is only a minor security risk: in general, only network providers, system administrators, and three-letter agencies are in a position where they can intercept or read a user's email. If the people who attacked the WineHQ database don't fall into one of those categories, resetting passwords and sending the new ones in clear-text emails represents a dramatic reduction in the impact of the database compromise. If the attackers *do* fall into one of those categories, sending the emails does not increase the impact.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
And remembering which one you used on every single site you use regularly? Sure, for email and the like, but there are at least a dozen (probably more) sites I visit semi-regularly. Remembering such passwords for each site is quite a trick. You can vary the password based on the site name (as others have suggested) or some such scheme, but it gets tricky if you use even a fair number of internet sites.
I only remember the passwords for 3-4 sites I visit (which I might want to access from random computers), and use random ones stored in LastPass for the rest. Works for me.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
It's not PHP that's the problem here, it's the specific software package phpMyAdmin. It's software that should never be deployed on an Internet-facing computer because of its security problems: about a third of the malicious traffic on my webserver is people probing for phpMyAdmin installations.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
The word steal invokes the mental image of taking away, while copyright infringement doesn't, so steal is an inaccurate label for copyright infringement since no taking away is involved. The same thing that makes it inaccurate is exactly what makes it a great rhetorical trick. It's like referring to a speeder as a "dangerous criminal" or someone who thinks that trains should run on time as someone who "holds certain views in common with Nazis". You can think and argue that copyright infringement is bad without reducing yourself to that level, so whether copyright infringement is good or bad is irrelevant to the topic.
In the UK the definition of theft explicitly sets out several tests including:
"dishonestly acquire, with the intention to permanently deprive"
This is why we have other laws such as the offence of "Taking without consent" of a motor vehicle, which covers situations where the acquisition can be proven dishonest but no intent to permanently deprive can be proven i.e. the offender takes, uses and abandons a vehicle, maybe even at or near where the owner left it.
Most of the English-speaking (officially/legally) world outside of the USA is likely to be the same.
those showoffs were running IIS on WINE.
Anons need not reply. Questions end with a question mark.
In English Law "steal" refers to "theft". It's the same.
From the Theft Act 1968 (current English Law):
"A person is guilty of theft, if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it; and "thief" and "steal" shall be construed accordingly."
Dishonestly appropriating the contents of another person's database wouldn't be theft in England, though it would be a very serious offence under the Computer Misuse Act. The penalty could be as high as 5 years' imprisonment.
You may have heard the quote "Immature poets imitate; mature poets steal" which is from T.S. Eliot in 1921. That plagiarism is a form of "stealing" is well established in the English language and you are the one who wants to redefine the word so that you have to call it "copyright infringement" instead, not Big Content.