[Wine] Thoughts regarding the database compromise....

James McKenzie jjmckenzie51 at gmail.com
Sun Oct 16 18:59:08 CDT 2011

On 10/16/11 4:41 PM, dimesio wrote:
> jjmckenzie wrote:
>> if your Forum logon, for instance, was cracked, so was your Bugzilla and Applications Database.
> Do you seriously believe that the fact that people had to create separate accounts for the various parts of WineHQ stopped anyone from using the same login and password on all of them?

No.  I don't believe this for one moment.  One of the tricks of breaking 
security is to rely on people being lazy.  The process of adding a 
'single' sign-on was addressed and the ability of compromise was one of 
the reasons it was rejected.  However, there is nothing that prevents a 
user on the Forums from using the same login information for all four 
sites, which leaves the accounts in the same situation.  I do recommend 
that different passwords be used for the different sites, but that is up 
to the individual user to assess, evaluate and to accept the risk.  In 
this case, the database was compromised, and user information should be 
assumed to be leaked (although Jeremy says it was not, and I have strong 
faith in his abilities, crackers are very careful to cover their tracks 
if at all possible).

Summary:  If you have accounts on the four WineHQ sites, use different 
passwords.  I tend to use 256-bit or higher, easy to remember, ones.  
Pass-phrases are the best as only you know what was changed and why.


