[Wine] WineHQ database compromise

Conan Kudo (ニール・ゴンパ) ngompa13 at gmail.com
Tue Oct 11 17:54:26 CDT 2011


2011/10/11 Josh Juran <josh at iswifter.net>

> On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:
>
> > On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh at iswifter.net> wrote:
> >
> > > Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
> > > none of them were otherwise valuable.  (Remember FireSheep?)
> >
> > Wait, what? Bugzilla sends passwords in cleartext? That isn't very
> > smart... Is there no way to replace this with some sort of client based
> > hashing or something?
>
> To clarify, your browser sends your password to bugzilla in cleartext,
> since HTTPS isn't an option.
>
> Firesheep was a lesson that even once passwords are secure, session
> credentials are still vulnerable to sniffing. Some sites went to HTTPS-only
> sessions after that.
>
> Josh
>
>
>
Shouldn't it be possible to modify the login environment so that a salted
hash of the password is produced before sending it to the server, to
strengthen the security a little bit?
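
The question above, worked through as an added example (not part of the original post and not Bugzilla's code): a simulated cleartext login in which a passive listener replays what it captured, first against a server that accepts a static salted hash, then against one that issues a per-login nonce. The salt, password and all function names are constructed for illustration.

```javascript
// Added example (not from the thread). Simulates a login over cleartext HTTP;
// names, salt and password are constructed for illustration.
const crypto = require('node:crypto');

const SALT = 'per-user-salt';             // constructed; sent to the client in the clear
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// What the browser would compute before submitting the form.
const clientHash = (password) => sha256(SALT + password);

// Server A: accepts the static salted hash as the credential.
function makeStaticServer(password) {
  const stored = clientHash(password);
  return { login: (sent) => safeEqual(sent, stored) };
}

// Server B: issues a fresh nonce per attempt; client answers HMAC(hash, nonce).
function makeChallengeServer(password) {
  const key = clientHash(password);       // server must keep a password-equivalent
  let nonce = null;
  return {
    challenge: () => (nonce = crypto.randomBytes(16).toString('hex')),
    login: (response) => {
      if (nonce === null) return false;
      const ok = safeEqual(response, hmac(key, nonce));
      nonce = null;                       // each nonce is single use
      return ok;
    },
  };
}

// Constant-time comparison of two hex strings.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Reports whether a value seen on the wire is accepted when sent again.
function replayOutcome() {
  const a = makeStaticServer('hunter2');
  const capturedA = clientHash('hunter2');          // static hash seen on the wire
  const b = makeChallengeServer('hunter2');
  const capturedB = hmac(clientHash('hunter2'), b.challenge());
  const legit = b.login(capturedB);                 // the original login succeeds
  b.challenge();                                    // later attempt gets a new nonce
  return { staticReplay: a.login(capturedA), legit, challengeReplay: b.login(capturedB) };
}
console.log(replayOutcome());
```

The static hash is accepted on replay, so on a cleartext connection it is the password as far as that site is concerned; the nonce stops the replay, but the session credential issued afterwards still crosses the wire in the clear, which is the Firesheep point in the quoted reply.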

