[Wine] WineHQ database compromise
josh at iswifter.net
Tue Oct 11 17:46:03 CDT 2011
On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:
> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh at iswifter.net> wrote:
>> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable. (Remember FireSheep?)
> Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... Is there no way to replace this with some sort of client based hashing or something?
To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.
Firesheep was a lesson that even once passwords are secure, session credentials are still vulnerable to sniffing. Some sites went to HTTPS-only sessions after that.
More information about the wine-devel