Thoughts regarding the database compromise....

Open forum for end-user questions about Wine. Before asking questions, check out the Wiki as a first step.
First Last

Thoughts regarding the database compromise....

Post by First Last »

1] not using secure http for log-ins seems a bit 20th century.
2] to join this mailing list, I needed to send my new credentials over unsecured http - see 1] above.
3] to change password from the compromised reset password, I need to use unsecured http - see 1] above.

My point here is that if you are saddened, upset or concerned about the compromise, might the 3 above points also be on the list of things to address?

Pardon if this is already pointed out, I've no desire to spend an hour to read archives when I'd still want devs to see that more than just one person likes secure logins.

flame on!

MODERATOR: spam link removed
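The first post's points 1] to 3] come down to one check: is the login form served over, and submitted over, TLS? Below is an added example of that check (not code from the thread or from WineHQ); it parses a page with Python's standard library and flags any form holding a password field whose page or action URL is plain http. The hostnames and HTML are constructed for the example and are not WineHQ's real pages. Note that an https action on an http page is still flagged, because the http page itself can be rewritten in transit before the form is ever submitted.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collect each <form> with its action attribute and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action"), "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            # An <input> with no type attribute defaults to a text field.
            if (attrs.get("type") or "text").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url, html):
    """Return one finding per form that carries a password field.

    Both the page serving the form and the URL it posts to must be https:
    an http page can be altered on the way to the browser, so an https
    action on an http page does not protect the credential either.
    """
    scanner = _FormScanner()
    scanner.feed(html)
    page_over_tls = urlsplit(page_url).scheme.lower() == "https"
    findings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        # Resolve relative actions (e.g. "./login.php") against the page URL.
        target = urljoin(page_url, form["action"] or "")
        submits_over_tls = urlsplit(target).scheme.lower() == "https"
        if page_over_tls and submits_over_tls:
            verdict = "ok"
        elif not submits_over_tls:
            verdict = "credentials submitted over plain http"
        else:
            verdict = "login page served over plain http"
        findings.append({"page_url": page_url, "action": target,
                         "page_over_tls": page_over_tls,
                         "submits_over_tls": submits_over_tls,
                         "verdict": verdict})
    return findings


# Constructed sample pages on hypothetical hosts (not WineHQ's real pages).
SAMPLE_PAGES = {
    "http://forum.example.test/login.php": """
        <form method="get" action="search.php"><input name="q"></form>
        <form method="post" action="./login.php">
          <input name="user"><input type="password" name="pass">
        </form>""",
    "https://bugs.example.test/index.cgi": """
        <form method="post" action="/login">
          <input name="login"><input type="PASSWORD" name="pw">
        </form>""",
    "http://mixed.example.test/": """
        <form method="post" action="https://mixed.example.test/login">
          <input name="u"><input type="password" name="p">
        </form>""",
}


def audit_all(pages):
    """Map each page URL to the verdicts for its login forms (search forms are ignored)."""
    return {url: [f["verdict"] for f in audit_login_forms(url, html)]
            for url, html in pages.items()}


if __name__ == "__main__":
    for url, verdicts in audit_all(SAMPLE_PAGES).items():
        print(url, "->", ", ".join(verdicts) or "no login form")
```

Run against fetched HTML of each login, registration and password-change page; anything other than "ok" is a page where credentials travel in the clear, which is exactly what the three points above describe.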
oiaohm
Level 8
Posts: 1020
Joined: Fri Feb 29, 2008 2:54 am

Post by oiaohm »

First Last, now why is securing it that important on the mailing list?

Email is not secure to start off with unless you use a signing certificate to sign your messages.

Basically everything could be done to secure those passwords and it basically does nothing to stop people posting as you onto the mailing list as an imposter. Posting emails with fake from addresses is really, really simple.

Something being compromised on is a zero issue.

Source code archive, yes, that has to be secure. Bugzilla and Appdb, yes, those have to be secure.

Now, if someone breaches you on the mailing list, posting a report of the breach in Bugzilla works very well.

There is a reason why Wine never in the first place went for a single sign-on solution.

At some point in the future the world needs to move up to signed emails or newer, more secure tech.
dimesio
Moderator
Posts: 13367
Joined: Tue Mar 25, 2008 10:30 pm

Post by dimesio »

oiaohm wrote: There is a reason why wine never in the first place went for a single sign on solution.
I was under the impression that the "reason" was simply because the different parts of the site evolved separately. I also suspect that many, possibly most, users used the same email address and password on all parts of the site anyway, so the "security" of forcing people to create separate accounts is illusory.
jjmckenzie
Moderator
Posts: 1153
Joined: Wed Apr 27, 2011 11:01 pm

Thoughts regarding the database compromise....

Post by jjmckenzie »

On 10/16/11 7:09 AM, dimesio wrote:
oiaohm wrote:
There is a reason why wine never in the first place went for a single sign on solution.
I was under the impression that the "reason" was simply because the different parts of the site evolved separately. I also suspect that many, possibly most, users used the same email address and password on all parts of the site anyway, so the "security" of forcing people to create separate accounts is illusory.
The move to a single sign-on was discussed at length both on and
off-line. It was decided NOT to implement such a feature because if
your Forum logon, for instance, was cracked, so was your Bugzilla and
Applications Database. Some of the older users found that
unacceptable. As an Information Security Specialist, I found that
unacceptable as well. We require, in my workplace, separate logins for
each system a user accesses, specifically to address that case.

James
dimesio
Moderator
Posts: 13367
Joined: Tue Mar 25, 2008 10:30 pm

Re: Thoughts regarding the database compromise....

Post by dimesio »

jjmckenzie wrote: if your Forum logon, for instance, was cracked, so was your Bugzilla and Applications Database.
Do you seriously believe that the fact that people had to create separate accounts for the various parts of WineHQ stopped anyone from using the same login and password on all of them?
jjmckenzie
Moderator
Posts: 1153
Joined: Wed Apr 27, 2011 11:01 pm

Thoughts regarding the database compromise....

Post by jjmckenzie »

On 10/16/11 4:41 PM, dimesio wrote:
jjmckenzie wrote:
if your Forum logon, for instance, was cracked, so was your Bugzilla and Applications Database.
Do you seriously believe that the fact that people had to create separate accounts for the various parts of WineHQ stopped anyone from using the same login and password on all of them?
No. I don't believe this for one moment. One of the tricks of breaking
security is to rely on people being lazy. The process of adding a
'single' sign-on was addressed and the ability of compromise was one of
the reasons it was rejected. However, there is nothing that prevents a
user on the Forums from using the same login information for all four
sites, which leaves the accounts in the same situation. I do recommend
that different passwords be used for the different sites, but that is up
to the individual user to assess, evaluate and to accept the risk. In
this case, the database was compromised, and user information should be
assumed to be leaked (although Jeremy says it was not, and I have strong
faith in his abilities, crackers are very careful to cover their tracks
if at all possible.)

Summary: If you have accounts on the four WineHQ sites, use different
passwords. I tend to use 256-bit or higher, easy-to-remember ones.
Pass-phrases are the best as only you know what was changed and why.

James