[Wine] WineHQ database compromise
Conan Kudo (ニール・ゴンパ)
ngompa13 at gmail.com
Tue Oct 11 17:37:49 CDT 2011
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh at iswifter.net> wrote:
> On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:
> > Unfortunately, the attackers were able to download the full login
> > database for both the appdb and bugzilla. This means that they have all
> > of those emails, as well as the passwords. The passwords are stored
> > encrypted, but with enough effort and depending on the quality of the
> > password, they can be cracked.
> > This, I'm afraid, is a serious threat; it means that anyone who uses the
> > same email / password on other systems is now vulnerable to a malicious
> > attacker using that information to access their account.
> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
> none of them were otherwise valuable. (Remember FireSheep?)
Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart...
Is there no way to replace this with some sort of client based hashing or
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wine-devel