[Wine] WineHQ database compromise

Martin Gregorie martin at gregorie.org
Wed Oct 12 06:40:35 CDT 2011

On Wed, 2011-10-12 at 10:27 +0200, Frédéric Delanoy wrote:

> Maybe the mail should mention to directly change that pwd (or provide
> a one-time pwd you need to change on first login), but then again it's
> plain http, so that doesn't help much.
Anybody with half a brain will have done that anyway.

Note that that message contains both the 'user name' AND the plaintext
password, but as others have said, this is unavoidable. Immediately on
receipt of the message, the user should:
- login using that password
- change the password to one of his own choice
- logout

BTW, it would most useful to know more about the type of password that
can be used, in particular:
- maximum and minimum lengths
- what characters are acceptable. A password should be case sensitive
  and contain any printable character. Systems that are case agnostic
  and accept only the characters a-z0-9 are simply not good enough.
  Systems that accept a longer passphrase are good on two counts: a
  phrase is often easier to remember and its length makes it harder
  to crack.
- if a dictionary is used to ban easily guessable passwords
- if passwords can be re-used - ideally not. 


More information about the wine-users mailing list